From 94ea573baf9d3168b9c6f7dda1d0390e1fc51fa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Ho=C3=9F?= Date: Fri, 13 Sep 2024 16:33:55 +0200 Subject: [PATCH 1/5] fix examples MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sebastian Hoß --- .../data-source.tf | 4 +++- .../data-source.tf | 2 +- .../data-source.tf | 2 +- .../data-source.tf | 1 + .../data-source.tf | 1 + .../data-source.tf | 1 + .../data-source.tf | 1 + .../data-source.tf | 6 ++++++ .../data-source.tf | 3 +++ .../data-source.tf | 5 ++++- 10 files changed, 22 insertions(+), 4 deletions(-) diff --git a/examples/data-sources/k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest/data-source.tf b/examples/data-sources/k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest/data-source.tf index e343ab21d..cd91c5e9b 100644 --- a/examples/data-sources/k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest/data-source.tf +++ b/examples/data-sources/k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest/data-source.tf @@ -1,6 +1,8 @@ data "k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest" "example" { metadata = { name = "some-name" - + } + spec = { + external_cidrs = [] } } diff --git a/examples/data-sources/k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest/data-source.tf b/examples/data-sources/k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest/data-source.tf index 3bd492fd0..b2578e423 100644 --- a/examples/data-sources/k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest/data-source.tf +++ b/examples/data-sources/k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest/data-source.tf @@ -1,6 +1,6 @@ data "k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest" "example" { metadata = { name = "some-name" - } + spec = {} } diff --git a/examples/data-sources/k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest/data-source.tf b/examples/data-sources/k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest/data-source.tf index 8b0d414ed..9343ff37f 100644 --- a/examples/data-sources/k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest/data-source.tf +++ b/examples/data-sources/k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest/data-source.tf @@ -1,6 +1,6 @@ data "k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest" "example" { metadata = { name = "some-name" - } + spec = {} } diff --git a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf index ce61aef76..f32371db4 100644 --- a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf @@ -5,5 +5,6 @@ data "k8s_kyverno_io_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf index 23b9c4eb1..7938e3c4a 100644 --- a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf @@ -5,5 +5,6 @@ data "k8s_kyverno_io_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf index f264ec7f3..6d12a9115 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf @@ -4,5 +4,6 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf index 7caaca823..7461aee7a 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf @@ -4,5 +4,6 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf index e4399e1a2..ea0cfd211 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf @@ -6,6 +6,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" @@ -33,6 +34,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "int_value" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" @@ -60,6 +62,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "bool_value" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" @@ -87,6 +90,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "array_value" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" @@ -114,6 +118,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "map_value" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" @@ -141,6 +146,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "mixed_value" { rules = [ { name = "some-rule" + match = {} context = [ { name = "response" diff --git a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest/data-source.tf b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest/data-source.tf index 658e9a036..ec8bbf8b2 100644 --- a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest/data-source.tf +++ b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest/data-source.tf @@ -6,5 +6,8 @@ data "k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest" "example" { spec = { type = "generic" resources = [] + secret_ref = { + name = "some-secret" + } } } diff --git a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf index 615222f96..8ca046673 100644 --- a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf +++ b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf @@ -4,7 +4,10 @@ data "k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest" "example" { namespace = "some-namespace" } spec = { - type = "generic" + type = "generic" resources = [] + secret_ref = { + name = "some-secret" + } } } From b1eddf6797416e4a6bf176daf92449290f2b0233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Ho=C3=9F?= Date: Fri, 13 Sep 2024 16:34:13 +0200 Subject: [PATCH 2/5] fix snake case for CIDR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sebastian Hoß --- tools/internal/generator/converter.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/internal/generator/converter.go b/tools/internal/generator/converter.go index b7cf65ee5..2f59af4b8 100644 --- a/tools/internal/generator/converter.go +++ b/tools/internal/generator/converter.go @@ -317,6 +317,7 @@ func terraformAttributeName(str string, rootPath bool) string { clean = strings.Replace(clean, "$", "Dollar", 1) } clean = strings.ReplaceAll(clean, "URL", "Url") + clean = strings.ReplaceAll(clean, "CIDR", "Cidr") clean = toSnakeCase(clean) return clean } From 58f6f1d1d8e3d59b2b28b17415e6e854c657a412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Ho=C3=9F?= Date: Fri, 13 Sep 2024 16:34:38 +0200 Subject: [PATCH 3/5] re-generate sources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sebastian Hoß --- ...ane_io_composition_revision_v1_manifest.go | 4 +- ...o_composition_revision_v1beta1_manifest.go | 4 +- ...net_io_feed_inventory_v1alpha1_manifest.go | 32 +- ...ernet_io_subscription_v1alpha1_manifest.go | 4 +- ...io_cluster_definition_v1alpha1_manifest.go | 4 +- ...kubeblocks_io_cluster_v1alpha1_manifest.go | 12 +- ..._component_definition_v1alpha1_manifest.go | 37 +- ..._io_component_version_v1alpha1_manifest.go | 4 +- ...ocks_io_configuration_v1alpha1_manifest.go | 13 +- ...spike_com_aerospike_cluster_v1_manifest.go | 2626 ++++++++--------- ..._com_aerospike_cluster_v1beta1_manifest.go | 2588 ++++++++-------- ...he_org_integration_platform_v1_manifest.go | 4 +- ...che_org_integration_profile_v1_manifest.go | 4 +- ...amel_apache_org_integration_v1_manifest.go | 4 +- .../camel_apache_org_pipe_v1_manifest.go | 4 +- ...e_org_kamelet_binding_v1alpha1_manifest.go | 4 +- ...h_rook_io_ceph_object_store_v1_manifest.go | 111 +- ...ph_rook_io_ceph_object_zone_v1_manifest.go | 111 +- ...um_clusterwide_envoy_config_v2_manifest.go | 60 +- ..._clusterwide_network_policy_v2_manifest.go | 1556 +++++----- ...ilium_egress_gateway_policy_v2_manifest.go | 76 +- ...lium_io_cilium_envoy_config_v2_manifest.go | 60 +- ...io_cilium_external_workload_v2_manifest.go | 12 +- .../cilium_io_cilium_identity_v2_manifest.go | 4 +- ...ilium_local_redirect_policy_v2_manifest.go | 88 +- ...um_io_cilium_network_policy_v2_manifest.go | 1556 +++++----- .../cilium_io_cilium_node_v2_manifest.go | 168 +- ...um_bgp_peering_policy_v2alpha1_manifest.go | 144 +- ..._io_cilium_cidr_group_v2alpha1_manifest.go | 8 +- ...cilium_endpoint_slice_v2alpha1_manifest.go | 20 +- ...2_announcement_policy_v2alpha1_manifest.go | 44 +- ...load_balancer_ip_pool_v2alpha1_manifest.go | 32 +- ...io_cilium_pod_ip_pool_v2alpha1_manifest.go | 4 +- ...ico_org_felix_configuration_v1_manifest.go | 8 +- ...ctcalico_org_ip_reservation_v1_manifest.go | 4 +- ...vices_k8s_aws_cluster_v1alpha1_manifest.go | 4 +- ...s_ingress_class_params_v1beta1_manifest.go | 4 +- ...serv_io_flow_collector_v1beta1_manifest.go | 65 +- ...serv_io_flow_collector_v1beta2_manifest.go | 169 +- ...ent_io_cluster_output_v1alpha2_manifest.go | 134 +- ...tbit_fluent_io_output_v1alpha2_manifest.go | 134 +- ...klift_konveyor_io_plan_v1beta1_manifest.go | 4 +- ...lient_settings_policy_v1alpha1_manifest.go | 8 +- ...nginx_org_nginx_proxy_v1alpha1_manifest.go | 74 +- .../gateway_solo_io_gateway_v1_manifest.go | 92 +- ...o_io_matchable_http_gateway_v1_manifest.go | 46 +- ...ateway_solo_io_route_option_v1_manifest.go | 192 -- ...gateway_solo_io_route_table_v1_manifest.go | 192 -- ...solo_io_virtual_host_option_v1_manifest.go | 27 - ...way_solo_io_virtual_service_v1_manifest.go | 219 -- .../gloo_solo_io_upstream_v1_manifest.go | 69 - ...e_openshift_io_machine_pool_v1_manifest.go | 18 +- ...cd_io_image_repository_v1beta1_manifest.go | 8 +- ...mage_update_automation_v1beta1_manifest.go | 4 +- ...cd_io_image_repository_v1beta2_manifest.go | 40 +- ...mage_update_automation_v1beta2_manifest.go | 4 +- ..._mariadb_com_maria_db_v1alpha1_manifest.go | 11 +- ...ueue_x_k8s_io_workload_v1beta1_manifest.go | 302 +- .../kyverno_io_cluster_policy_v1_manifest.go | 189 +- .../kyverno_io_policy_v1_manifest.go | 189 +- .../kyverno_io_cleanup_policy_v2_manifest.go | 41 +- ...o_io_cluster_cleanup_policy_v2_manifest.go | 41 +- ..._global_context_entry_v2alpha1_manifest.go | 33 +- ...erno_io_cleanup_policy_v2beta1_manifest.go | 41 +- ...cluster_cleanup_policy_v2beta1_manifest.go | 41 +- ...erno_io_cluster_policy_v2beta1_manifest.go | 189 +- .../kyverno_io_policy_v2beta1_manifest.go | 189 +- ...ervices_k8s_aws_alias_v1alpha1_manifest.go | 11 +- ..._event_source_mapping_v1alpha1_manifest.go | 33 +- ...s_function_url_config_v1alpha1_manifest.go | 11 +- ...ices_k8s_aws_function_v1alpha1_manifest.go | 55 +- ...vices_k8s_aws_version_v1alpha1_manifest.go | 11 +- ...loki_grafana_com_loki_stack_v1_manifest.go | 336 --- ...ing_coreos_com_alertmanager_v1_manifest.go | 53 +- ...ring_coreos_com_pod_monitor_v1_manifest.go | 12 +- ...monitoring_coreos_com_probe_v1_manifest.go | 12 +- ...oring_coreos_com_prometheus_v1_manifest.go | 48 +- ..._coreos_com_service_monitor_v1_manifest.go | 12 +- ...m_alertmanager_config_v1alpha1_manifest.go | 636 +--- ..._com_prometheus_agent_v1alpha1_manifest.go | 24 +- ...eos_com_scrape_config_v1alpha1_manifest.go | 372 +-- ...om_alertmanager_config_v1beta1_manifest.go | 636 +--- ...o_cluster_info_import_v1alpha1_manifest.go | 4 +- ...ea_io_resource_export_v1alpha1_manifest.go | 4 +- ...ea_io_resource_import_v1alpha1_manifest.go | 4 +- ...oolkit_fluxcd_io_alert_v1beta1_manifest.go | 4 +- ...kit_fluxcd_io_receiver_v1beta1_manifest.go | 8 +- ...kit_fluxcd_io_receiver_v1beta2_manifest.go | 4 +- ...erator_tigera_io_api_server_v1_manifest.go | 2 +- ...tigera_io_application_layer_v1_manifest.go | 21 - ...ator_tigera_io_installation_v1_manifest.go | 4 +- ...gera_io_intrusion_detection_v1_manifest.go | 131 - ...org_eclipse_che_che_cluster_v2_manifest.go | 21 - ...cona_com_percona_pg_cluster_v2_manifest.go | 81 - ...chydata_com_pg_upgrade_v1beta1_manifest.go | 4 +- ...a_com_postgres_cluster_v1beta1_manifest.go | 2 +- .../postgresql_cnpg_io_cluster_v1_manifest.go | 9 - ...ev_teleport_provision_token_v2_manifest.go | 9 - ...sonata_flow_platform_v1alpha08_manifest.go | 8 +- ...flow_org_sonata_flow_v1alpha08_manifest.go | 4 +- ...uled_spark_application_v1beta2_manifest.go | 26 +- ...s_io_spark_application_v1beta2_manifest.go | 26 +- .../submariner_io_broker_v1alpha1_manifest.go | 18 - ..._io_service_discovery_v1alpha1_manifest.go | 18 - ...mariner_io_submariner_v1alpha1_manifest.go | 18 - ...plication_destination_v1alpha1_manifest.go | 13 +- ...rces_k8s_aws_cni_node_v1alpha1_manifest.go | 4 +- ..._security_group_policy_v1beta1_manifest.go | 32 +- 108 files changed, 5528 insertions(+), 9400 deletions(-) diff --git a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go index edcfb24bd..d9b873446 100644 --- a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go +++ b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go @@ -2122,8 +2122,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Manifest) Schema(_ contex }, "revision": schema.Int64Attribute{ - Description: "Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2.", - MarkdownDescription: "Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2.", + Description: "Revision number. Newer revisions have larger numbers.", + MarkdownDescription: "Revision number. Newer revisions have larger numbers.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go b/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go index 6dee8c16e..efaad7fbc 100644 --- a/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go +++ b/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go @@ -2122,8 +2122,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Beta1Manifest) Schema(_ c }, "revision": schema.Int64Attribute{ - Description: "Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2.", - MarkdownDescription: "Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2.", + Description: "Revision number. Newer revisions have larger numbers.", + MarkdownDescription: "Revision number. Newer revisions have larger numbers.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_feed_inventory_v1alpha1_manifest.go b/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_feed_inventory_v1alpha1_manifest.go index 3ed44c437..d39a5b613 100644 --- a/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_feed_inventory_v1alpha1_manifest.go +++ b/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_feed_inventory_v1alpha1_manifest.go @@ -609,8 +609,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -618,8 +618,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -776,8 +776,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -785,8 +785,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -943,8 +943,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -952,8 +952,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1110,8 +1110,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1119,8 +1119,8 @@ func (r *AppsClusternetIoFeedInventoryV1Alpha1Manifest) Schema(_ context.Context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_subscription_v1alpha1_manifest.go b/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_subscription_v1alpha1_manifest.go index 4b01424ab..2e1cd1172 100644 --- a/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_subscription_v1alpha1_manifest.go +++ b/internal/provider/apps_clusternet_io_v1alpha1/apps_clusternet_io_subscription_v1alpha1_manifest.go @@ -459,8 +459,8 @@ func (r *AppsClusternetIoSubscriptionV1Alpha1Manifest) Schema(_ context.Context, }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go index 35e5ca6bb..d83817748 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go @@ -135,8 +135,8 @@ func (r *AppsKubeblocksIoClusterDefinitionV1Alpha1Manifest) Schema(_ context.Con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.The system selects the ComponentDefinition CR with the latest version that matches the pattern.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a name prefix or regular expression pattern.Once set, this field cannot be updated.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.The system selects the ComponentDefinition CR with the latest version that matches the pattern.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a name prefix or regular expression pattern.Once set, this field cannot be updated.", + Description: "Specifies the name or prefix of the ComponentDefinition custom resource(CR) thatdefines the Component's characteristics and behavior.When a prefix is used, the system selects the ComponentDefinition CR with the latest version that matches the prefix.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a prefix.Once set, this field cannot be updated.", + MarkdownDescription: "Specifies the name or prefix of the ComponentDefinition custom resource(CR) thatdefines the Component's characteristics and behavior.When a prefix is used, the system selects the ComponentDefinition CR with the latest version that matches the prefix.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a prefix.Once set, this field cannot be updated.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go index ea1cc8dfb..8ec7e1884 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go @@ -2870,8 +2870,8 @@ func (r *AppsKubeblocksIoClusterV1Alpha1Manifest) Schema(_ context.Context, _ da }, "component_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", + Description: "References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", + MarkdownDescription: "References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", Required: false, Optional: true, Computed: false, @@ -11964,8 +11964,8 @@ func (r *AppsKubeblocksIoClusterV1Alpha1Manifest) Schema(_ context.Context, _ da }, "component_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", + Description: "References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", + MarkdownDescription: "References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'.", Required: false, Optional: true, Computed: false, @@ -19840,8 +19840,8 @@ func (r *AppsKubeblocksIoClusterV1Alpha1Manifest) Schema(_ context.Context, _ da }, "termination_policy": schema.StringAttribute{ - Description: "Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations. Warning: Halt policy is deprecated in 0.9.1 and will have same meaning as DoNotTerminate.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.", - MarkdownDescription: "Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations. Warning: Halt policy is deprecated in 0.9.1 and will have same meaning as DoNotTerminate.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.", + Description: "Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.", + MarkdownDescription: "Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go index f81a19395..d1a04fd42 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go @@ -47,7 +47,6 @@ type AppsKubeblocksIoComponentDefinitionV1Alpha1ManifestData struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` Configs *[]struct { AsEnvFrom *[]string `tfsdk:"as_env_from" json:"asEnvFrom,omitempty"` - AsSecret *bool `tfsdk:"as_secret" json:"asSecret,omitempty"` ConstraintRef *string `tfsdk:"constraint_ref" json:"constraintRef,omitempty"` DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` InjectEnvTo *[]string `tfsdk:"inject_env_to" json:"injectEnvTo,omitempty"` @@ -2181,14 +2180,6 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C Computed: false, }, - "as_secret": schema.BoolAttribute{ - Description: "Whether to store the final rendered parameters as a secret.", - MarkdownDescription: "Whether to store the final rendered parameters as a secret.", - Required: false, - Optional: true, - Computed: false, - }, - "constraint_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration constraints object.", MarkdownDescription: "Specifies the name of the referenced configuration constraints object.", @@ -2317,8 +2308,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C "volume_name": schema.StringAttribute{ Description: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", MarkdownDescription: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), @@ -14523,8 +14514,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C "volume_name": schema.StringAttribute{ Description: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", MarkdownDescription: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), @@ -15131,8 +15122,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C MarkdownDescription: "Selects a defined var of a Component.", Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", + Description: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", + MarkdownDescription: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", Required: false, Optional: true, Computed: false, @@ -15378,8 +15369,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C MarkdownDescription: "Selects a defined var of a Credential (SystemAccount).", Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", + Description: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", + MarkdownDescription: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", Required: false, Optional: true, Computed: false, @@ -15503,8 +15494,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C MarkdownDescription: "Selects a defined var of host-network resources.", Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", + Description: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", + MarkdownDescription: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", Required: false, Optional: true, Computed: false, @@ -15684,8 +15675,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C MarkdownDescription: "Selects a defined var of a ServiceRef.", Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", + Description: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", + MarkdownDescription: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", Required: false, Optional: true, Computed: false, @@ -15842,8 +15833,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C MarkdownDescription: "Selects a defined var of a Service.", Attributes: map[string]schema.Attribute{ "comp_def": schema.StringAttribute{ - Description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", - MarkdownDescription: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used.", + Description: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", + MarkdownDescription: "CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_version_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_version_v1alpha1_manifest.go index 5cc13b8f8..e8d8ceb15 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_version_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_version_v1alpha1_manifest.go @@ -126,8 +126,8 @@ func (r *AppsKubeblocksIoComponentVersionV1Alpha1Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "comp_defs": schema.ListAttribute{ - Description: "CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, a name prefix, or a regular expression pattern.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30'- '^mysql-8.0.d{1,2}$': Matches all names starting with 'mysql-8.0.' followed by one or two digits.", - MarkdownDescription: "CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, a name prefix, or a regular expression pattern.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30'- '^mysql-8.0.d{1,2}$': Matches all names starting with 'mysql-8.0.' followed by one or two digits.", + Description: "CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, or a name prefix.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30'", + MarkdownDescription: "CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, or a name prefix.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30'", ElementType: types.StringType, Required: true, Optional: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go index 83b624db2..2e5af71ce 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go @@ -53,7 +53,6 @@ type AppsKubeblocksIoConfigurationV1Alpha1ManifestData struct { } `tfsdk:"config_file_params" json:"configFileParams,omitempty"` ConfigSpec *struct { AsEnvFrom *[]string `tfsdk:"as_env_from" json:"asEnvFrom,omitempty"` - AsSecret *bool `tfsdk:"as_secret" json:"asSecret,omitempty"` ConstraintRef *string `tfsdk:"constraint_ref" json:"constraintRef,omitempty"` DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` InjectEnvTo *[]string `tfsdk:"inject_env_to" json:"injectEnvTo,omitempty"` @@ -218,14 +217,6 @@ func (r *AppsKubeblocksIoConfigurationV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "as_secret": schema.BoolAttribute{ - Description: "Whether to store the final rendered parameters as a secret.", - MarkdownDescription: "Whether to store the final rendered parameters as a secret.", - Required: false, - Optional: true, - Computed: false, - }, - "constraint_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration constraints object.", MarkdownDescription: "Specifies the name of the referenced configuration constraints object.", @@ -354,8 +345,8 @@ func (r *AppsKubeblocksIoConfigurationV1Alpha1Manifest) Schema(_ context.Context "volume_name": schema.StringAttribute{ Description: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", MarkdownDescription: "Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts.", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), diff --git a/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go b/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go index a0744e91a..87f3cbed8 100644 --- a/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go +++ b/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go @@ -146,10 +146,8 @@ type AsdbAerospikeComAerospikeClusterV1ManifestData struct { } `tfsdk:"security_context" json:"securityContext,omitempty"` } `tfsdk:"aerospike_container" json:"aerospikeContainer,omitempty"` AerospikeInitContainer *struct { - ImageNameAndTag *string `tfsdk:"image_name_and_tag" json:"imageNameAndTag,omitempty"` - ImageRegistry *string `tfsdk:"image_registry" json:"imageRegistry,omitempty"` - ImageRegistryNamespace *string `tfsdk:"image_registry_namespace" json:"imageRegistryNamespace,omitempty"` - Resources *struct { + ImageRegistry *string `tfsdk:"image_registry" json:"imageRegistry,omitempty"` + Resources *struct { Claims *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` @@ -1653,8 +1651,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret_name": schema.StringAttribute{ - Description: "SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", - MarkdownDescription: "SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", + Description: "SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", + MarkdownDescription: "SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", Required: true, Optional: false, Computed: false, @@ -1685,8 +1683,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "AerospikeNetworkPolicy specifies how clients and tools access the Aerospike cluster.", Attributes: map[string]schema.Attribute{ "access": schema.StringAttribute{ - Description: "AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal.", - MarkdownDescription: "AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal.", + Description: "AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal.", + MarkdownDescription: "AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal.", Required: false, Optional: true, Computed: false, @@ -1696,8 +1694,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "alternate_access": schema.StringAttribute{ - Description: "AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal.", - MarkdownDescription: "AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal.", + Description: "AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal.", + MarkdownDescription: "AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal.", Required: false, Optional: true, Computed: false, @@ -1707,8 +1705,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_access_network_names": schema.ListAttribute{ - Description: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type.", - MarkdownDescription: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type.", + Description: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type.", + MarkdownDescription: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type.", ElementType: types.StringType, Required: false, Optional: true, @@ -1716,8 +1714,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_alternate_access_network_names": schema.ListAttribute{ - Description: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type", - MarkdownDescription: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type", + Description: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type", + MarkdownDescription: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1725,8 +1723,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_fabric_network_names": schema.ListAttribute{ - Description: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type", - MarkdownDescription: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type", + Description: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type", + MarkdownDescription: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type", ElementType: types.StringType, Required: false, Optional: true, @@ -1734,8 +1732,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_tls_access_network_names": schema.ListAttribute{ - Description: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type", - MarkdownDescription: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type", + Description: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type", + MarkdownDescription: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1743,8 +1741,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_tls_alternate_access_network_names": schema.ListAttribute{ - Description: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type", - MarkdownDescription: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type", + Description: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type", + MarkdownDescription: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1752,8 +1750,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "custom_tls_fabric_network_names": schema.ListAttribute{ - Description: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type", - MarkdownDescription: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type", + Description: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type", + MarkdownDescription: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type", ElementType: types.StringType, Required: false, Optional: true, @@ -1761,8 +1759,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "fabric": schema.StringAttribute{ - Description: "FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'.", - MarkdownDescription: "FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'.", + Description: "FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'.", + MarkdownDescription: "FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'.", Required: false, Optional: true, Computed: false, @@ -1772,8 +1770,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tls_access": schema.StringAttribute{ - Description: "TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal.", - MarkdownDescription: "TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal.", + Description: "TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal.", + MarkdownDescription: "TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal.", Required: false, Optional: true, Computed: false, @@ -1783,8 +1781,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tls_alternate_access": schema.StringAttribute{ - Description: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal.", - MarkdownDescription: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal.", + Description: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal.", + MarkdownDescription: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal.", Required: false, Optional: true, Computed: false, @@ -1794,8 +1792,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tls_fabric": schema.StringAttribute{ - Description: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'.", - MarkdownDescription: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'.", + Description: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'.", + MarkdownDescription: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'.", Required: false, Optional: true, Computed: false, @@ -1818,8 +1816,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "enable_dynamic_config_update": schema.BoolAttribute{ - Description: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator.If enabled, operator will try to update the Aerospike config dynamically.In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", - MarkdownDescription: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator.If enabled, operator will try to update the Aerospike config dynamically.In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", + Description: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", + MarkdownDescription: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", Required: false, Optional: true, Computed: false, @@ -1834,8 +1832,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "k8s_node_block_list": schema.ListAttribute{ - Description: "K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled onthese nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance ofKubernetes nodes.", - MarkdownDescription: "K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled onthese nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance ofKubernetes nodes.", + Description: "K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled on these nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance of Kubernetes nodes.", + MarkdownDescription: "K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled on these nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance of Kubernetes nodes.", ElementType: types.StringType, Required: false, Optional: true, @@ -1843,8 +1841,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "max_unavailable": schema.StringAttribute{ - Description: "MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before applicationdisruption. This value is used to create PodDisruptionBudget. Defaults to 1.Refer Aerospike documentation for more details.", - MarkdownDescription: "MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before applicationdisruption. This value is used to create PodDisruptionBudget. Defaults to 1.Refer Aerospike documentation for more details.", + Description: "MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before application disruption. This value is used to create PodDisruptionBudget. Defaults to 1. Refer Aerospike documentation for more details.", + MarkdownDescription: "MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before application disruption. This value is used to create PodDisruptionBudget. Defaults to 1. Refer Aerospike documentation for more details.", Required: false, Optional: true, Computed: false, @@ -1898,8 +1896,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Certificates to connect to Aerospike.", Attributes: map[string]schema.Attribute{ "cert_path_in_operator": schema.SingleNestedAttribute{ - Description: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem.", - MarkdownDescription: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem.", + Description: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem.", + MarkdownDescription: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem.", Attributes: map[string]schema.Attribute{ "ca_certs_path": schema.StringAttribute{ Description: "", @@ -2030,21 +2028,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Specify additional configuration for the Aerospike pods", Attributes: map[string]schema.Attribute{ "aerospike_container": schema.SingleNestedAttribute{ - Description: "AerospikeContainerSpec configures the aerospike-server containercreated by the operator.", - MarkdownDescription: "AerospikeContainerSpec configures the aerospike-server containercreated by the operator.", + Description: "AerospikeContainerSpec configures the aerospike-server container created by the operator.", + MarkdownDescription: "AerospikeContainerSpec configures the aerospike-server container created by the operator.", Attributes: map[string]schema.Attribute{ "resources": schema.SingleNestedAttribute{ - Description: "Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", - MarkdownDescription: "Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", + Description: "Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", + MarkdownDescription: "Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -2057,8 +2055,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2066,8 +2064,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2084,16 +2082,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "SecurityContext that will be added to aerospike-server container created by operator.", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -2119,56 +2117,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -2208,20 +2206,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -2233,12 +2231,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -2253,16 +2251,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -2284,45 +2282,29 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "aerospike_init_container": schema.SingleNestedAttribute{ - Description: "AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator.", - MarkdownDescription: "AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator.", + Description: "AerospikeInitContainerSpec configures the aerospike-init container created by the operator.", + MarkdownDescription: "AerospikeInitContainerSpec configures the aerospike-init container created by the operator.", Attributes: map[string]schema.Attribute{ - "image_name_and_tag": schema.StringAttribute{ - Description: "ImageNameAndTag is the name:tag of aerospike-init container image", - MarkdownDescription: "ImageNameAndTag is the name:tag of aerospike-init container image", - Required: false, - Optional: true, - Computed: false, - }, - "image_registry": schema.StringAttribute{ - Description: "ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com", - MarkdownDescription: "ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com", - Required: false, - Optional: true, - Computed: false, - }, - - "image_registry_namespace": schema.StringAttribute{ - Description: "ImageRegistryNamespace is the name of namespace in registry for aerospike-init container image", - MarkdownDescription: "ImageRegistryNamespace is the name of namespace in registry for aerospike-init container image", + Description: "ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com", + MarkdownDescription: "ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com", Required: false, Optional: true, Computed: false, }, "resources": schema.SingleNestedAttribute{ - Description: "Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", - MarkdownDescription: "Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", + Description: "Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", + MarkdownDescription: "Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -2335,8 +2317,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2344,8 +2326,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2362,16 +2344,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "SecurityContext that will be added to aerospike-init container created by operator.", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -2397,56 +2379,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -2486,20 +2468,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -2511,12 +2493,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -2531,16 +2513,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -2570,8 +2552,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -2592,16 +2574,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2628,16 +2610,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2670,8 +2652,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -2692,16 +2674,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2728,16 +2710,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2771,8 +2753,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -2780,8 +2762,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2797,16 +2779,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2820,8 +2802,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2834,8 +2816,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2843,8 +2825,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2852,8 +2834,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2869,16 +2851,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2892,8 +2874,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2906,8 +2888,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -2915,8 +2897,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -2928,8 +2910,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -2942,13 +2924,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2964,16 +2946,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2987,8 +2969,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3001,8 +2983,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3010,8 +2992,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3019,8 +3001,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3036,16 +3018,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3059,8 +3041,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3073,8 +3055,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -3082,8 +3064,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -3105,8 +3087,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -3114,8 +3096,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3131,16 +3113,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3154,8 +3136,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3168,8 +3150,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3177,8 +3159,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3186,8 +3168,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3203,16 +3185,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3226,8 +3208,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3240,8 +3222,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -3249,8 +3231,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -3262,8 +3244,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -3276,13 +3258,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3298,16 +3280,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3321,8 +3303,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3335,8 +3317,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3344,8 +3326,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3353,8 +3335,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3370,16 +3352,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3393,8 +3375,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3407,8 +3389,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -3416,8 +3398,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -3440,12 +3422,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "dns_config": schema.SingleNestedAttribute{ - Description: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None'", - MarkdownDescription: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None'", + Description: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None'", + MarkdownDescription: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None'", Attributes: map[string]schema.Attribute{ "nameservers": schema.ListAttribute{ - Description: "A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed.", - MarkdownDescription: "A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed.", + Description: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + MarkdownDescription: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3453,8 +3435,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "options": schema.ListNestedAttribute{ - Description: "A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy.", - MarkdownDescription: "A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy.", + Description: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + MarkdownDescription: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -3480,8 +3462,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "searches": schema.ListAttribute{ - Description: "A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed.", - MarkdownDescription: "A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed.", + Description: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + MarkdownDescription: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3494,8 +3476,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "dns_policy": schema.StringAttribute{ - Description: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", - MarkdownDescription: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", + Description: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", + MarkdownDescription: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", Required: false, Optional: true, Computed: false, @@ -3510,21 +3492,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_network": schema.BoolAttribute{ - Description: "HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false.", - MarkdownDescription: "HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false.", + Description: "HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false.", + MarkdownDescription: "HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false.", Required: false, Optional: true, Computed: false, }, "image_pull_secrets": schema.ListNestedAttribute{ - Description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - MarkdownDescription: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + Description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + MarkdownDescription: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3542,8 +3524,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "args": schema.ListAttribute{ - Description: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -3551,8 +3533,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "command": schema.ListAttribute{ - Description: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -3560,8 +3542,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "env": schema.ListNestedAttribute{ - Description: "List of environment variables to set in the container.Cannot be updated.", - MarkdownDescription: "List of environment variables to set in the container.Cannot be updated.", + Description: "List of environment variables to set in the container. Cannot be updated.", + MarkdownDescription: "List of environment variables to set in the container. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -3573,8 +3555,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "value": schema.StringAttribute{ - Description: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", - MarkdownDescription: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", + Description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", + MarkdownDescription: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", Required: false, Optional: true, Computed: false, @@ -3597,8 +3579,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3618,8 +3600,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "field_ref": schema.SingleNestedAttribute{ - Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -3643,8 +3625,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "resource_field_ref": schema.SingleNestedAttribute{ - Description: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - MarkdownDescription: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + MarkdownDescription: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", Attributes: map[string]schema.Attribute{ "container_name": schema.StringAttribute{ Description: "Container name: required for volumes, optional for env vars", @@ -3688,8 +3670,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3720,8 +3702,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "env_from": schema.ListNestedAttribute{ - Description: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", - MarkdownDescription: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", + Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + MarkdownDescription: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "config_map_ref": schema.SingleNestedAttribute{ @@ -3729,8 +3711,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3762,8 +3744,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3789,36 +3771,36 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "image": schema.StringAttribute{ - Description: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - MarkdownDescription: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", + Description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + MarkdownDescription: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", Required: false, Optional: true, Computed: false, }, "image_pull_policy": schema.StringAttribute{ - Description: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - MarkdownDescription: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + MarkdownDescription: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", Required: false, Optional: true, Computed: false, }, "lifecycle": schema.SingleNestedAttribute{ - Description: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", - MarkdownDescription: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", + Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + MarkdownDescription: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", Attributes: map[string]schema.Attribute{ "post_start": schema.SingleNestedAttribute{ - Description: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -3835,8 +3817,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -3848,8 +3830,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -3878,16 +3860,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -3916,8 +3898,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -3928,8 +3910,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -3946,16 +3928,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "pre_stop": schema.SingleNestedAttribute{ - Description: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -3972,8 +3954,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -3985,8 +3967,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4015,16 +3997,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4053,8 +4035,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -4065,8 +4047,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4088,16 +4070,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "liveness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -4110,8 +4092,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4130,8 +4112,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4147,8 +4129,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4160,8 +4142,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4190,16 +4172,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4211,24 +4193,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4247,8 +4229,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4260,16 +4242,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -4281,21 +4263,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", - MarkdownDescription: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", + Description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + MarkdownDescription: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", Required: true, Optional: false, Computed: false, }, "ports": schema.ListNestedAttribute{ - Description: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", - MarkdownDescription: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", + Description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + MarkdownDescription: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "container_port": schema.Int64Attribute{ - Description: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", - MarkdownDescription: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", + Description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + MarkdownDescription: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", Required: true, Optional: false, Computed: false, @@ -4310,24 +4292,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_port": schema.Int64Attribute{ - Description: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", - MarkdownDescription: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", + Description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + MarkdownDescription: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", - MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", + Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", - MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", + Description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", + MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", Required: false, Optional: true, Computed: false, @@ -4340,16 +4322,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "readiness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -4362,8 +4344,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4382,8 +4364,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4399,8 +4381,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4412,8 +4394,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4442,16 +4424,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4463,24 +4445,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4499,8 +4481,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4512,16 +4494,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -4538,16 +4520,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "resource_name": schema.StringAttribute{ - Description: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", - MarkdownDescription: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", + Description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + MarkdownDescription: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", Required: true, Optional: false, Computed: false, }, "restart_policy": schema.StringAttribute{ - Description: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", - MarkdownDescription: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", + Description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + MarkdownDescription: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", Required: true, Optional: false, Computed: false, @@ -4560,17 +4542,17 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "resources": schema.SingleNestedAttribute{ - Description: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -4583,8 +4565,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -4592,8 +4574,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -4606,28 +4588,28 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "restart_policy": schema.StringAttribute{ - Description: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", - MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", + Description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", Required: false, Optional: true, Computed: false, }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - MarkdownDescription: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + MarkdownDescription: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -4653,56 +4635,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -4742,20 +4724,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -4767,12 +4749,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -4787,16 +4769,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -4813,16 +4795,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "startup_probe": schema.SingleNestedAttribute{ - Description: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -4835,8 +4817,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4855,8 +4837,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4872,8 +4854,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4885,8 +4867,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4915,16 +4897,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4936,24 +4918,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4972,8 +4954,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4985,16 +4967,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -5006,40 +4988,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "stdin": schema.BoolAttribute{ - Description: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", - MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", + Description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", Required: false, Optional: true, Computed: false, }, "stdin_once": schema.BoolAttribute{ - Description: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", - MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", + Description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", Required: false, Optional: true, Computed: false, }, "termination_message_path": schema.StringAttribute{ - Description: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", - MarkdownDescription: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", + Description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + MarkdownDescription: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "termination_message_policy": schema.StringAttribute{ - Description: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", - MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", + Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "tty": schema.BoolAttribute{ - Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", - MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", + Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", Required: false, Optional: true, Computed: false, @@ -5073,21 +5055,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "volume_mounts": schema.ListNestedAttribute{ - Description: "Pod volumes to mount into the container's filesystem.Cannot be updated.", - MarkdownDescription: "Pod volumes to mount into the container's filesystem.Cannot be updated.", + Description: "Pod volumes to mount into the container's filesystem. Cannot be updated.", + MarkdownDescription: "Pod volumes to mount into the container's filesystem. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mount_path": schema.StringAttribute{ - Description: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", - MarkdownDescription: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", + Description: "Path within the container at which the volume should be mounted. Must not contain ':'.", + MarkdownDescription: "Path within the container at which the volume should be mounted. Must not contain ':'.", Required: true, Optional: false, Computed: false, }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, @@ -5102,24 +5084,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -5132,8 +5114,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "working_dir": schema.StringAttribute{ - Description: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", - MarkdownDescription: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", + Description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + MarkdownDescription: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", Required: false, Optional: true, Computed: false, @@ -5173,8 +5155,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "multi_pod_per_host": schema.BoolAttribute{ - Description: "If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod if aerospikeNetworkPolicy definedhas one of the network types: 'hostInternal', 'hostExternal', 'configuredIP'NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user.", - MarkdownDescription: "If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod if aerospikeNetworkPolicy definedhas one of the network types: 'hostInternal', 'hostExternal', 'configuredIP'NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user.", + Description: "If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod if aerospikeNetworkPolicy defined has one of the network types: 'hostInternal', 'hostExternal', 'configuredIP' NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user.", + MarkdownDescription: "If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod if aerospikeNetworkPolicy defined has one of the network types: 'hostInternal', 'hostExternal', 'configuredIP' NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user.", Required: false, Optional: true, Computed: false, @@ -5190,52 +5172,52 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", - MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", + Description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ "fs_group": schema.Int64Attribute{ - Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", + Description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "fs_group_change_policy": schema.StringAttribute{ - Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows.", + Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -5275,20 +5257,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -5300,8 +5282,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "supplemental_groups": schema.ListAttribute{ - Description: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", + Description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.", ElementType: types.StringType, Required: false, Optional: true, @@ -5309,8 +5291,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "sysctls": schema.ListNestedAttribute{ - Description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", + Description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -5336,12 +5318,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -5356,16 +5338,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -5387,8 +5369,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "args": schema.ListAttribute{ - Description: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -5396,8 +5378,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "command": schema.ListAttribute{ - Description: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -5405,8 +5387,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "env": schema.ListNestedAttribute{ - Description: "List of environment variables to set in the container.Cannot be updated.", - MarkdownDescription: "List of environment variables to set in the container.Cannot be updated.", + Description: "List of environment variables to set in the container. Cannot be updated.", + MarkdownDescription: "List of environment variables to set in the container. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -5418,8 +5400,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "value": schema.StringAttribute{ - Description: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", - MarkdownDescription: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", + Description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", + MarkdownDescription: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", Required: false, Optional: true, Computed: false, @@ -5442,8 +5424,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5463,8 +5445,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "field_ref": schema.SingleNestedAttribute{ - Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -5488,8 +5470,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "resource_field_ref": schema.SingleNestedAttribute{ - Description: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - MarkdownDescription: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + MarkdownDescription: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", Attributes: map[string]schema.Attribute{ "container_name": schema.StringAttribute{ Description: "Container name: required for volumes, optional for env vars", @@ -5533,8 +5515,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5565,8 +5547,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "env_from": schema.ListNestedAttribute{ - Description: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", - MarkdownDescription: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", + Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + MarkdownDescription: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "config_map_ref": schema.SingleNestedAttribute{ @@ -5574,8 +5556,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5607,8 +5589,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5634,36 +5616,36 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "image": schema.StringAttribute{ - Description: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - MarkdownDescription: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", + Description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + MarkdownDescription: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", Required: false, Optional: true, Computed: false, }, "image_pull_policy": schema.StringAttribute{ - Description: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - MarkdownDescription: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + MarkdownDescription: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", Required: false, Optional: true, Computed: false, }, "lifecycle": schema.SingleNestedAttribute{ - Description: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", - MarkdownDescription: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", + Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + MarkdownDescription: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", Attributes: map[string]schema.Attribute{ "post_start": schema.SingleNestedAttribute{ - Description: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5680,8 +5662,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -5693,8 +5675,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -5723,16 +5705,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -5761,8 +5743,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -5773,8 +5755,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -5791,16 +5773,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "pre_stop": schema.SingleNestedAttribute{ - Description: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5817,8 +5799,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -5830,8 +5812,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -5860,16 +5842,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -5898,8 +5880,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -5910,8 +5892,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -5933,16 +5915,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "liveness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5955,8 +5937,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -5975,8 +5957,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -5992,8 +5974,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -6005,8 +5987,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -6035,16 +6017,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -6056,24 +6038,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6092,8 +6074,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -6105,16 +6087,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6126,21 +6108,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", - MarkdownDescription: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", + Description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + MarkdownDescription: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", Required: true, Optional: false, Computed: false, }, "ports": schema.ListNestedAttribute{ - Description: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", - MarkdownDescription: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", + Description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + MarkdownDescription: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "container_port": schema.Int64Attribute{ - Description: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", - MarkdownDescription: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", + Description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + MarkdownDescription: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", Required: true, Optional: false, Computed: false, @@ -6155,24 +6137,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_port": schema.Int64Attribute{ - Description: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", - MarkdownDescription: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", + Description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + MarkdownDescription: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", - MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", + Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", - MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", + Description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", + MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", Required: false, Optional: true, Computed: false, @@ -6185,16 +6167,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "readiness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -6207,8 +6189,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6227,8 +6209,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -6244,8 +6226,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -6257,8 +6239,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -6287,16 +6269,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -6308,24 +6290,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6344,8 +6326,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -6357,16 +6339,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6383,16 +6365,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "resource_name": schema.StringAttribute{ - Description: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", - MarkdownDescription: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", + Description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + MarkdownDescription: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", Required: true, Optional: false, Computed: false, }, "restart_policy": schema.StringAttribute{ - Description: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", - MarkdownDescription: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", + Description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + MarkdownDescription: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", Required: true, Optional: false, Computed: false, @@ -6405,17 +6387,17 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "resources": schema.SingleNestedAttribute{ - Description: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -6428,8 +6410,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -6437,8 +6419,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -6451,28 +6433,28 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "restart_policy": schema.StringAttribute{ - Description: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", - MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", + Description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", Required: false, Optional: true, Computed: false, }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - MarkdownDescription: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + MarkdownDescription: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -6498,56 +6480,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -6587,20 +6569,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -6612,12 +6594,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -6632,16 +6614,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -6658,16 +6640,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "startup_probe": schema.SingleNestedAttribute{ - Description: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -6680,8 +6662,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6700,8 +6682,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -6717,8 +6699,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -6730,8 +6712,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -6760,16 +6742,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -6781,24 +6763,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6817,8 +6799,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -6830,16 +6812,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6851,40 +6833,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "stdin": schema.BoolAttribute{ - Description: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", - MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", + Description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", Required: false, Optional: true, Computed: false, }, "stdin_once": schema.BoolAttribute{ - Description: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", - MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", + Description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", Required: false, Optional: true, Computed: false, }, "termination_message_path": schema.StringAttribute{ - Description: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", - MarkdownDescription: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", + Description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + MarkdownDescription: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "termination_message_policy": schema.StringAttribute{ - Description: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", - MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", + Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "tty": schema.BoolAttribute{ - Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", - MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", + Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", Required: false, Optional: true, Computed: false, @@ -6918,21 +6900,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "volume_mounts": schema.ListNestedAttribute{ - Description: "Pod volumes to mount into the container's filesystem.Cannot be updated.", - MarkdownDescription: "Pod volumes to mount into the container's filesystem.Cannot be updated.", + Description: "Pod volumes to mount into the container's filesystem. Cannot be updated.", + MarkdownDescription: "Pod volumes to mount into the container's filesystem. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mount_path": schema.StringAttribute{ - Description: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", - MarkdownDescription: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", + Description: "Path within the container at which the volume should be mounted. Must not contain ':'.", + MarkdownDescription: "Path within the container at which the volume should be mounted. Must not contain ':'.", Required: true, Optional: false, Computed: false, }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, @@ -6947,24 +6929,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -6977,8 +6959,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "working_dir": schema.StringAttribute{ - Description: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", - MarkdownDescription: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", + Description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + MarkdownDescription: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", Required: false, Optional: true, Computed: false, @@ -6996,40 +6978,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -7047,12 +7029,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "rack_config": schema.SingleNestedAttribute{ - Description: "RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration", - MarkdownDescription: "RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration", + Description: "RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration", + MarkdownDescription: "RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration", Attributes: map[string]schema.Attribute{ "max_ignorable_pods": schema.StringAttribute{ - Description: "MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored whileassessing cluster stability. Pods identified using this value are not considered part of the cluster.Additionally, in SC mode clusters, these pods are removed from the roster.This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues andcannot be fixed by simply updating the CR.It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations,without being hindered by these problematic pods.Remember to set MaxIgnorablePods back to 0 once the required operation is done.This makes sure that later on, all pods are properly counted when evaluating the cluster stability.", - MarkdownDescription: "MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored whileassessing cluster stability. Pods identified using this value are not considered part of the cluster.Additionally, in SC mode clusters, these pods are removed from the roster.This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues andcannot be fixed by simply updating the CR.It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations,without being hindered by these problematic pods.Remember to set MaxIgnorablePods back to 0 once the required operation is done.This makes sure that later on, all pods are properly counted when evaluating the cluster stability.", + Description: "MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored while assessing cluster stability. Pods identified using this value are not considered part of the cluster. Additionally, in SC mode clusters, these pods are removed from the roster. This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues and cannot be fixed by simply updating the CR. It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations, without being hindered by these problematic pods. Remember to set MaxIgnorablePods back to 0 once the required operation is done. This makes sure that later on, all pods are properly counted when evaluating the cluster stability.", + MarkdownDescription: "MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored while assessing cluster stability. Pods identified using this value are not considered part of the cluster. Additionally, in SC mode clusters, these pods are removed from the roster. This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues and cannot be fixed by simply updating the CR. It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations, without being hindered by these problematic pods. Remember to set MaxIgnorablePods back to 0 once the required operation is done. This makes sure that later on, all pods are properly counted when evaluating the cluster stability.", Required: false, Optional: true, Computed: false, @@ -7082,8 +7064,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "effective_aerospike_config": schema.MapAttribute{ - Description: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config", - MarkdownDescription: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config", + Description: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config", + MarkdownDescription: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config", ElementType: types.StringType, Required: false, Optional: true, @@ -7103,8 +7085,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -7125,16 +7107,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7161,16 +7143,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7203,8 +7185,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -7225,16 +7207,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7261,16 +7243,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7304,8 +7286,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -7313,8 +7295,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7330,16 +7312,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7353,8 +7335,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7367,8 +7349,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7376,8 +7358,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7385,8 +7367,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7402,16 +7384,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7425,8 +7407,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7439,8 +7421,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7448,8 +7430,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7461,8 +7443,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -7475,13 +7457,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7497,16 +7479,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7520,8 +7502,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7534,8 +7516,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7543,8 +7525,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7552,8 +7534,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7569,16 +7551,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7592,8 +7574,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7606,8 +7588,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7615,8 +7597,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7638,8 +7620,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -7647,8 +7629,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7664,16 +7646,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7687,8 +7669,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7701,8 +7683,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7710,8 +7692,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7719,8 +7701,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7736,16 +7718,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7759,8 +7741,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7773,8 +7755,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7782,8 +7764,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7795,8 +7777,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -7809,13 +7791,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7831,16 +7813,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7854,8 +7836,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7868,8 +7850,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7877,8 +7859,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7886,8 +7868,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7903,16 +7885,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7926,8 +7908,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7940,8 +7922,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7949,8 +7931,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7987,40 +7969,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -8046,8 +8028,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -8084,8 +8066,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -8095,8 +8077,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -8123,8 +8105,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -8161,8 +8143,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -8172,8 +8154,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -8210,32 +8192,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8260,8 +8242,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -8315,32 +8297,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8366,8 +8348,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -8402,32 +8384,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8461,16 +8443,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -8482,16 +8464,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -8504,8 +8486,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -8525,20 +8507,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -8554,8 +8536,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -8607,16 +8589,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8630,8 +8612,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -8673,20 +8655,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -8698,16 +8680,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -8728,8 +8710,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -8746,8 +8728,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -8796,8 +8778,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -8818,16 +8800,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8854,16 +8836,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8896,8 +8878,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -8918,16 +8900,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8954,16 +8936,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8997,8 +8979,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -9006,8 +8988,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9023,16 +9005,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9046,8 +9028,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9060,8 +9042,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9069,8 +9051,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9078,8 +9060,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9095,16 +9077,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9118,8 +9100,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9132,8 +9114,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9141,8 +9123,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9154,8 +9136,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -9168,13 +9150,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9190,16 +9172,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9213,8 +9195,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9227,8 +9209,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9236,8 +9218,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9245,8 +9227,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9262,16 +9244,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9285,8 +9267,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9299,8 +9281,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9308,8 +9290,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9331,8 +9313,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -9340,8 +9322,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9357,16 +9339,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9380,8 +9362,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9394,8 +9376,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9403,8 +9385,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9412,8 +9394,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9429,16 +9411,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9452,8 +9434,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9466,8 +9448,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9475,8 +9457,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9488,8 +9470,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -9502,13 +9484,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9524,16 +9506,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9547,8 +9529,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9561,8 +9543,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9570,8 +9552,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9579,8 +9561,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9596,16 +9578,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9619,8 +9601,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9633,8 +9615,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9642,8 +9624,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9680,40 +9662,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -9731,8 +9713,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "rack_label": schema.StringAttribute{ - Description: "RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", - MarkdownDescription: "RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", + Description: "RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", + MarkdownDescription: "RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", Required: false, Optional: true, Computed: false, @@ -9755,8 +9737,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -9793,8 +9775,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -9804,8 +9786,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -9832,8 +9814,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -9870,8 +9852,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -9881,8 +9863,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -9919,32 +9901,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -9969,8 +9951,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10024,32 +10006,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10075,8 +10057,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10111,32 +10093,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10170,16 +10152,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -10191,16 +10173,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -10213,8 +10195,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -10234,20 +10216,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -10263,8 +10245,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -10316,16 +10298,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -10339,8 +10321,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -10382,20 +10364,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -10407,16 +10389,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -10437,8 +10419,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -10455,8 +10437,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10521,12 +10503,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "seeds_finder_services": schema.SingleNestedAttribute{ - Description: "SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes.", - MarkdownDescription: "SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes.", + Description: "SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes.", + MarkdownDescription: "SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes.", Attributes: map[string]schema.Attribute{ "load_balancer": schema.SingleNestedAttribute{ - Description: "LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster.", - MarkdownDescription: "LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster.", + Description: "LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster.", + MarkdownDescription: "LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster.", Attributes: map[string]schema.Attribute{ "annotations": schema.MapAttribute{ Description: "", @@ -10538,8 +10520,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "external_traffic_policy": schema.StringAttribute{ - Description: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs.", - MarkdownDescription: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs.", + Description: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs.", + MarkdownDescription: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs.", Required: false, Optional: true, Computed: false, @@ -10578,8 +10560,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "target_port": schema.Int64Attribute{ - Description: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used.", - MarkdownDescription: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used.", + Description: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used.", + MarkdownDescription: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used.", Required: false, Optional: true, Computed: false, @@ -10616,8 +10598,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10654,8 +10636,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10665,8 +10647,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10693,8 +10675,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10731,8 +10713,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10742,8 +10724,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10780,32 +10762,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10830,8 +10812,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10885,32 +10867,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10936,8 +10918,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10972,32 +10954,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -11031,16 +11013,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -11052,16 +11034,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -11074,8 +11056,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -11095,20 +11077,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -11124,8 +11106,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -11177,16 +11159,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -11200,8 +11182,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -11243,20 +11225,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -11268,16 +11250,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -11298,8 +11280,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -11316,8 +11298,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -11342,16 +11324,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ MarkdownDescription: "ValidationPolicy controls validation of the Aerospike cluster resource.", Attributes: map[string]schema.Attribute{ "skip_work_dir_validate": schema.BoolAttribute{ - Description: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false.", - MarkdownDescription: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false.", + Description: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false.", + MarkdownDescription: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false.", Required: true, Optional: false, Computed: false, }, "skip_xdr_dlog_file_validate": schema.BoolAttribute{ - Description: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false.", - MarkdownDescription: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false.", + Description: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false.", + MarkdownDescription: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/asdb_aerospike_com_v1beta1/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.go b/internal/provider/asdb_aerospike_com_v1beta1/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.go index a1aa62635..f39e6673c 100644 --- a/internal/provider/asdb_aerospike_com_v1beta1/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.go +++ b/internal/provider/asdb_aerospike_com_v1beta1/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.go @@ -1635,8 +1635,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret_name": schema.StringAttribute{ - Description: "SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", - MarkdownDescription: "SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", + Description: "SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", + MarkdownDescription: "SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password'", Required: true, Optional: false, Computed: false, @@ -1667,8 +1667,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "AerospikeNetworkPolicy specifies how clients and tools access the Aerospike cluster.", Attributes: map[string]schema.Attribute{ "access": schema.StringAttribute{ - Description: "AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal.", - MarkdownDescription: "AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal.", + Description: "AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal.", + MarkdownDescription: "AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal.", Required: false, Optional: true, Computed: false, @@ -1678,8 +1678,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "alternate_access": schema.StringAttribute{ - Description: "AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal.", - MarkdownDescription: "AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal.", + Description: "AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal.", + MarkdownDescription: "AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal.", Required: false, Optional: true, Computed: false, @@ -1689,8 +1689,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_access_network_names": schema.ListAttribute{ - Description: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type.", - MarkdownDescription: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type.", + Description: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type.", + MarkdownDescription: "CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type.", ElementType: types.StringType, Required: false, Optional: true, @@ -1698,8 +1698,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_alternate_access_network_names": schema.ListAttribute{ - Description: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type", - MarkdownDescription: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type", + Description: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type", + MarkdownDescription: "CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1707,8 +1707,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_fabric_network_names": schema.ListAttribute{ - Description: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type", - MarkdownDescription: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type", + Description: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type", + MarkdownDescription: "CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type", ElementType: types.StringType, Required: false, Optional: true, @@ -1716,8 +1716,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_tls_access_network_names": schema.ListAttribute{ - Description: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type", - MarkdownDescription: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type", + Description: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type", + MarkdownDescription: "CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1725,8 +1725,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_tls_alternate_access_network_names": schema.ListAttribute{ - Description: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type", - MarkdownDescription: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type", + Description: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type", + MarkdownDescription: "CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type", ElementType: types.StringType, Required: false, Optional: true, @@ -1734,8 +1734,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "custom_tls_fabric_network_names": schema.ListAttribute{ - Description: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type", - MarkdownDescription: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type", + Description: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type", + MarkdownDescription: "CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type", ElementType: types.StringType, Required: false, Optional: true, @@ -1743,8 +1743,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "fabric": schema.StringAttribute{ - Description: "FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'.", - MarkdownDescription: "FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'.", + Description: "FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'.", + MarkdownDescription: "FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'.", Required: false, Optional: true, Computed: false, @@ -1754,8 +1754,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tls_access": schema.StringAttribute{ - Description: "TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal.", - MarkdownDescription: "TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal.", + Description: "TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal.", + MarkdownDescription: "TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal.", Required: false, Optional: true, Computed: false, @@ -1765,8 +1765,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tls_alternate_access": schema.StringAttribute{ - Description: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal.", - MarkdownDescription: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal.", + Description: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal.", + MarkdownDescription: "TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal.", Required: false, Optional: true, Computed: false, @@ -1776,8 +1776,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tls_fabric": schema.StringAttribute{ - Description: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'.", - MarkdownDescription: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'.", + Description: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'.", + MarkdownDescription: "TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'.", Required: false, Optional: true, Computed: false, @@ -1804,8 +1804,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Certificates to connect to Aerospike.", Attributes: map[string]schema.Attribute{ "cert_path_in_operator": schema.SingleNestedAttribute{ - Description: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem.", - MarkdownDescription: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem.", + Description: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem.", + MarkdownDescription: "AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem.", Attributes: map[string]schema.Attribute{ "ca_certs_path": schema.StringAttribute{ Description: "", @@ -1928,21 +1928,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Specify additional configuration for the Aerospike pods", Attributes: map[string]schema.Attribute{ "aerospike_container": schema.SingleNestedAttribute{ - Description: "AerospikeContainerSpec configures the aerospike-server containercreated by the operator.", - MarkdownDescription: "AerospikeContainerSpec configures the aerospike-server containercreated by the operator.", + Description: "AerospikeContainerSpec configures the aerospike-server container created by the operator.", + MarkdownDescription: "AerospikeContainerSpec configures the aerospike-server container created by the operator.", Attributes: map[string]schema.Attribute{ "resources": schema.SingleNestedAttribute{ - Description: "Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", - MarkdownDescription: "Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", + Description: "Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", + MarkdownDescription: "Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -1955,8 +1955,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -1964,8 +1964,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -1982,16 +1982,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "SecurityContext that will be added to aerospike-server container created by operator.", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -2017,56 +2017,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -2106,20 +2106,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -2131,12 +2131,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -2151,16 +2151,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -2182,29 +2182,29 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "aerospike_init_container": schema.SingleNestedAttribute{ - Description: "AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator.", - MarkdownDescription: "AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator.", + Description: "AerospikeInitContainerSpec configures the aerospike-init container created by the operator.", + MarkdownDescription: "AerospikeInitContainerSpec configures the aerospike-init container created by the operator.", Attributes: map[string]schema.Attribute{ "image_registry": schema.StringAttribute{ - Description: "ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com", - MarkdownDescription: "ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com", + Description: "ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com", + MarkdownDescription: "ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com", Required: false, Optional: true, Computed: false, }, "resources": schema.SingleNestedAttribute{ - Description: "Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", - MarkdownDescription: "Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests.", + Description: "Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", + MarkdownDescription: "Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests.", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -2217,8 +2217,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2226,8 +2226,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -2244,16 +2244,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "SecurityContext that will be added to aerospike-init container created by operator.", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -2279,56 +2279,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -2368,20 +2368,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -2393,12 +2393,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -2413,16 +2413,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -2452,8 +2452,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -2474,16 +2474,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2510,16 +2510,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2552,8 +2552,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -2574,16 +2574,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2610,16 +2610,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2653,8 +2653,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -2662,8 +2662,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2679,16 +2679,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2702,8 +2702,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2716,8 +2716,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2725,8 +2725,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2734,8 +2734,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2751,16 +2751,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2774,8 +2774,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2788,8 +2788,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -2797,8 +2797,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -2810,8 +2810,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -2824,13 +2824,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2846,16 +2846,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2869,8 +2869,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2883,8 +2883,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2892,8 +2892,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2901,8 +2901,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2918,16 +2918,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2941,8 +2941,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2955,8 +2955,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -2964,8 +2964,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -2987,8 +2987,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -2996,8 +2996,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3013,16 +3013,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3036,8 +3036,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3050,8 +3050,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3059,8 +3059,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3068,8 +3068,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3085,16 +3085,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3108,8 +3108,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3122,8 +3122,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -3131,8 +3131,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -3144,8 +3144,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -3158,13 +3158,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3180,16 +3180,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3203,8 +3203,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3217,8 +3217,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3226,8 +3226,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3235,8 +3235,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3252,16 +3252,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3275,8 +3275,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3289,8 +3289,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -3298,8 +3298,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -3322,12 +3322,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "dns_config": schema.SingleNestedAttribute{ - Description: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None'", - MarkdownDescription: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None'", + Description: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None'", + MarkdownDescription: "DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None'", Attributes: map[string]schema.Attribute{ "nameservers": schema.ListAttribute{ - Description: "A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed.", - MarkdownDescription: "A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed.", + Description: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + MarkdownDescription: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3335,8 +3335,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "options": schema.ListNestedAttribute{ - Description: "A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy.", - MarkdownDescription: "A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy.", + Description: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + MarkdownDescription: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -3362,8 +3362,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "searches": schema.ListAttribute{ - Description: "A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed.", - MarkdownDescription: "A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed.", + Description: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + MarkdownDescription: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3376,8 +3376,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "dns_policy": schema.StringAttribute{ - Description: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", - MarkdownDescription: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", + Description: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", + MarkdownDescription: "DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet", Required: false, Optional: true, Computed: false, @@ -3392,21 +3392,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_network": schema.BoolAttribute{ - Description: "HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false.", - MarkdownDescription: "HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false.", + Description: "HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false.", + MarkdownDescription: "HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false.", Required: false, Optional: true, Computed: false, }, "image_pull_secrets": schema.ListNestedAttribute{ - Description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - MarkdownDescription: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + Description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + MarkdownDescription: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3424,8 +3424,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "args": schema.ListAttribute{ - Description: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -3433,8 +3433,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "command": schema.ListAttribute{ - Description: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -3442,8 +3442,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "env": schema.ListNestedAttribute{ - Description: "List of environment variables to set in the container.Cannot be updated.", - MarkdownDescription: "List of environment variables to set in the container.Cannot be updated.", + Description: "List of environment variables to set in the container. Cannot be updated.", + MarkdownDescription: "List of environment variables to set in the container. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -3455,8 +3455,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "value": schema.StringAttribute{ - Description: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", - MarkdownDescription: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", + Description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", + MarkdownDescription: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", Required: false, Optional: true, Computed: false, @@ -3479,8 +3479,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3500,8 +3500,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "field_ref": schema.SingleNestedAttribute{ - Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -3525,8 +3525,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "resource_field_ref": schema.SingleNestedAttribute{ - Description: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - MarkdownDescription: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + MarkdownDescription: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", Attributes: map[string]schema.Attribute{ "container_name": schema.StringAttribute{ Description: "Container name: required for volumes, optional for env vars", @@ -3570,8 +3570,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3602,8 +3602,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "env_from": schema.ListNestedAttribute{ - Description: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", - MarkdownDescription: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", + Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + MarkdownDescription: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "config_map_ref": schema.SingleNestedAttribute{ @@ -3611,8 +3611,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3644,8 +3644,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -3671,36 +3671,36 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "image": schema.StringAttribute{ - Description: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - MarkdownDescription: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", + Description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + MarkdownDescription: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", Required: false, Optional: true, Computed: false, }, "image_pull_policy": schema.StringAttribute{ - Description: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - MarkdownDescription: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + MarkdownDescription: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", Required: false, Optional: true, Computed: false, }, "lifecycle": schema.SingleNestedAttribute{ - Description: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", - MarkdownDescription: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", + Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + MarkdownDescription: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", Attributes: map[string]schema.Attribute{ "post_start": schema.SingleNestedAttribute{ - Description: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -3717,8 +3717,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -3730,8 +3730,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -3760,16 +3760,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -3798,8 +3798,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -3810,8 +3810,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -3828,16 +3828,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "pre_stop": schema.SingleNestedAttribute{ - Description: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -3854,8 +3854,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -3867,8 +3867,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -3897,16 +3897,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -3935,8 +3935,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -3947,8 +3947,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -3970,16 +3970,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "liveness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -3992,8 +3992,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4012,8 +4012,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4029,8 +4029,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4042,8 +4042,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4072,16 +4072,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4093,24 +4093,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4129,8 +4129,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4142,16 +4142,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -4163,21 +4163,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", - MarkdownDescription: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", + Description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + MarkdownDescription: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", Required: true, Optional: false, Computed: false, }, "ports": schema.ListNestedAttribute{ - Description: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", - MarkdownDescription: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", + Description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + MarkdownDescription: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "container_port": schema.Int64Attribute{ - Description: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", - MarkdownDescription: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", + Description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + MarkdownDescription: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", Required: true, Optional: false, Computed: false, @@ -4192,24 +4192,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_port": schema.Int64Attribute{ - Description: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", - MarkdownDescription: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", + Description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + MarkdownDescription: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", - MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", + Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", - MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", + Description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", + MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", Required: false, Optional: true, Computed: false, @@ -4222,16 +4222,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "readiness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -4244,8 +4244,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4264,8 +4264,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4281,8 +4281,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4294,8 +4294,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4324,16 +4324,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4345,24 +4345,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4381,8 +4381,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4394,16 +4394,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -4420,16 +4420,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "resource_name": schema.StringAttribute{ - Description: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", - MarkdownDescription: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", + Description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + MarkdownDescription: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", Required: true, Optional: false, Computed: false, }, "restart_policy": schema.StringAttribute{ - Description: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", - MarkdownDescription: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", + Description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + MarkdownDescription: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", Required: true, Optional: false, Computed: false, @@ -4442,17 +4442,17 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "resources": schema.SingleNestedAttribute{ - Description: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -4465,8 +4465,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -4474,8 +4474,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -4488,28 +4488,28 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "restart_policy": schema.StringAttribute{ - Description: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", - MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", + Description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", Required: false, Optional: true, Computed: false, }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - MarkdownDescription: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + MarkdownDescription: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -4535,56 +4535,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -4624,20 +4624,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -4649,12 +4649,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -4669,16 +4669,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -4695,16 +4695,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "startup_probe": schema.SingleNestedAttribute{ - Description: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -4717,8 +4717,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4737,8 +4737,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -4754,8 +4754,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -4767,8 +4767,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -4797,16 +4797,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -4818,24 +4818,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -4854,8 +4854,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -4867,16 +4867,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -4888,40 +4888,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "stdin": schema.BoolAttribute{ - Description: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", - MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", + Description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", Required: false, Optional: true, Computed: false, }, "stdin_once": schema.BoolAttribute{ - Description: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", - MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", + Description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", Required: false, Optional: true, Computed: false, }, "termination_message_path": schema.StringAttribute{ - Description: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", - MarkdownDescription: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", + Description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + MarkdownDescription: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "termination_message_policy": schema.StringAttribute{ - Description: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", - MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", + Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "tty": schema.BoolAttribute{ - Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", - MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", + Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", Required: false, Optional: true, Computed: false, @@ -4955,21 +4955,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "volume_mounts": schema.ListNestedAttribute{ - Description: "Pod volumes to mount into the container's filesystem.Cannot be updated.", - MarkdownDescription: "Pod volumes to mount into the container's filesystem.Cannot be updated.", + Description: "Pod volumes to mount into the container's filesystem. Cannot be updated.", + MarkdownDescription: "Pod volumes to mount into the container's filesystem. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mount_path": schema.StringAttribute{ - Description: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", - MarkdownDescription: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", + Description: "Path within the container at which the volume should be mounted. Must not contain ':'.", + MarkdownDescription: "Path within the container at which the volume should be mounted. Must not contain ':'.", Required: true, Optional: false, Computed: false, }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, @@ -4984,24 +4984,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -5014,8 +5014,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "working_dir": schema.StringAttribute{ - Description: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", - MarkdownDescription: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", + Description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + MarkdownDescription: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", Required: false, Optional: true, Computed: false, @@ -5055,8 +5055,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "multi_pod_per_host": schema.BoolAttribute{ - Description: "If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod.NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user.", - MarkdownDescription: "If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod.NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user.", + Description: "If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod. NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user.", + MarkdownDescription: "If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod. NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user.", Required: false, Optional: true, Computed: false, @@ -5072,52 +5072,52 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", - MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", + Description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ "fs_group": schema.Int64Attribute{ - Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", + Description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "fs_group_change_policy": schema.StringAttribute{ - Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows.", + Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -5157,20 +5157,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -5182,8 +5182,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "supplemental_groups": schema.ListAttribute{ - Description: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", + Description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.", ElementType: types.StringType, Required: false, Optional: true, @@ -5191,8 +5191,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "sysctls": schema.ListNestedAttribute{ - Description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", + Description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -5218,12 +5218,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -5238,16 +5238,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -5269,8 +5269,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "args": schema.ListAttribute{ - Description: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -5278,8 +5278,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "command": schema.ListAttribute{ - Description: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - MarkdownDescription: "Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + Description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + MarkdownDescription: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", ElementType: types.StringType, Required: false, Optional: true, @@ -5287,8 +5287,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "env": schema.ListNestedAttribute{ - Description: "List of environment variables to set in the container.Cannot be updated.", - MarkdownDescription: "List of environment variables to set in the container.Cannot be updated.", + Description: "List of environment variables to set in the container. Cannot be updated.", + MarkdownDescription: "List of environment variables to set in the container. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -5300,8 +5300,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "value": schema.StringAttribute{ - Description: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", - MarkdownDescription: "Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''.", + Description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", + MarkdownDescription: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.", Required: false, Optional: true, Computed: false, @@ -5324,8 +5324,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5345,8 +5345,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "field_ref": schema.SingleNestedAttribute{ - Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + MarkdownDescription: "Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -5370,8 +5370,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "resource_field_ref": schema.SingleNestedAttribute{ - Description: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - MarkdownDescription: "Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + MarkdownDescription: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", Attributes: map[string]schema.Attribute{ "container_name": schema.StringAttribute{ Description: "Container name: required for volumes, optional for env vars", @@ -5415,8 +5415,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5447,8 +5447,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "env_from": schema.ListNestedAttribute{ - Description: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", - MarkdownDescription: "List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated.", + Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + MarkdownDescription: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "config_map_ref": schema.SingleNestedAttribute{ @@ -5456,8 +5456,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5489,8 +5489,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -5516,36 +5516,36 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "image": schema.StringAttribute{ - Description: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - MarkdownDescription: "Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", + Description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + MarkdownDescription: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", Required: false, Optional: true, Computed: false, }, "image_pull_policy": schema.StringAttribute{ - Description: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - MarkdownDescription: "Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + Description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + MarkdownDescription: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", Required: false, Optional: true, Computed: false, }, "lifecycle": schema.SingleNestedAttribute{ - Description: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", - MarkdownDescription: "Actions that the management system should take in response to container lifecycle events.Cannot be updated.", + Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + MarkdownDescription: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", Attributes: map[string]schema.Attribute{ "post_start": schema.SingleNestedAttribute{ - Description: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5562,8 +5562,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -5575,8 +5575,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -5605,16 +5605,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -5643,8 +5643,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -5655,8 +5655,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -5673,16 +5673,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "pre_stop": schema.SingleNestedAttribute{ - Description: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - MarkdownDescription: "PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + MarkdownDescription: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5699,8 +5699,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -5712,8 +5712,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -5742,16 +5742,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -5780,8 +5780,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "tcp_socket": schema.SingleNestedAttribute{ - Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", - MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", + Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Description: "Optional: Host name to connect to, defaults to the pod IP.", @@ -5792,8 +5792,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -5815,16 +5815,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "liveness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -5837,8 +5837,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -5857,8 +5857,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -5874,8 +5874,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -5887,8 +5887,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -5917,16 +5917,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -5938,24 +5938,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -5974,8 +5974,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -5987,16 +5987,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6008,21 +6008,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", - MarkdownDescription: "Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated.", + Description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + MarkdownDescription: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", Required: true, Optional: false, Computed: false, }, "ports": schema.ListNestedAttribute{ - Description: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", - MarkdownDescription: "List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated.", + Description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + MarkdownDescription: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "container_port": schema.Int64Attribute{ - Description: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", - MarkdownDescription: "Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536.", + Description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + MarkdownDescription: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", Required: true, Optional: false, Computed: false, @@ -6037,24 +6037,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_port": schema.Int64Attribute{ - Description: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", - MarkdownDescription: "Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this.", + Description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + MarkdownDescription: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", - MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services.", + Description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + MarkdownDescription: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", - MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'.", + Description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", + MarkdownDescription: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'.", Required: false, Optional: true, Computed: false, @@ -6067,16 +6067,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "readiness_probe": schema.SingleNestedAttribute{ - Description: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -6089,8 +6089,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6109,8 +6109,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -6126,8 +6126,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -6139,8 +6139,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -6169,16 +6169,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -6190,24 +6190,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6226,8 +6226,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -6239,16 +6239,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6265,16 +6265,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "resource_name": schema.StringAttribute{ - Description: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", - MarkdownDescription: "Name of the resource to which this resource resize policy applies.Supported values: cpu, memory.", + Description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + MarkdownDescription: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", Required: true, Optional: false, Computed: false, }, "restart_policy": schema.StringAttribute{ - Description: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", - MarkdownDescription: "Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired.", + Description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + MarkdownDescription: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", Required: true, Optional: false, Computed: false, @@ -6287,17 +6287,17 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "resources": schema.SingleNestedAttribute{ - Description: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Attributes: map[string]schema.Attribute{ "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", + MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", + Description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", Required: true, Optional: false, Computed: false, @@ -6310,8 +6310,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -6319,8 +6319,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + Description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + MarkdownDescription: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", ElementType: types.StringType, Required: false, Optional: true, @@ -6333,28 +6333,28 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "restart_policy": schema.StringAttribute{ - Description: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", - MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted.", + Description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + MarkdownDescription: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", Required: false, Optional: true, Computed: false, }, "security_context": schema.SingleNestedAttribute{ - Description: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - MarkdownDescription: "SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + MarkdownDescription: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", Attributes: map[string]schema.Attribute{ "allow_privilege_escalation": schema.BoolAttribute{ - Description: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows.", + Description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "capabilities": schema.SingleNestedAttribute{ - Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", + Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "add": schema.ListAttribute{ Description: "Added capabilities", @@ -6380,56 +6380,56 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "privileged": schema.BoolAttribute{ - Description: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "read_only_root_filesystem": schema.BoolAttribute{ - Description: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows.", + Description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_group": schema.Int64Attribute{ - Description: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "run_as_non_root": schema.BoolAttribute{ - Description: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, }, "run_as_user": schema.Int64Attribute{ - Description: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, }, "se_linux_options": schema.SingleNestedAttribute{ - Description: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows.", + Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "level": schema.StringAttribute{ Description: "Level is SELinux level label that applies to the container.", @@ -6469,20 +6469,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seccomp_profile": schema.SingleNestedAttribute{ - Description: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows.", + Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", Attributes: map[string]schema.Attribute{ "localhost_profile": schema.StringAttribute{ - Description: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", - MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type.", + Description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", + MarkdownDescription: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.", Required: false, Optional: true, Computed: false, }, "type": schema.StringAttribute{ - Description: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", - MarkdownDescription: "type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied.", + Description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + MarkdownDescription: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", Required: true, Optional: false, Computed: false, @@ -6494,12 +6494,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "windows_options": schema.SingleNestedAttribute{ - Description: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", - MarkdownDescription: "The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux.", + Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + MarkdownDescription: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", Attributes: map[string]schema.Attribute{ "gmsa_credential_spec": schema.StringAttribute{ - Description: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", - MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field.", + Description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + MarkdownDescription: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", Required: false, Optional: true, Computed: false, @@ -6514,16 +6514,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "host_process": schema.BoolAttribute{ - Description: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", - MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true.", + Description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + MarkdownDescription: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", Required: false, Optional: true, Computed: false, }, "run_as_user_name": schema.StringAttribute{ - Description: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", - MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.", + Description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + MarkdownDescription: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", Required: false, Optional: true, Computed: false, @@ -6540,16 +6540,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "startup_probe": schema.SingleNestedAttribute{ - Description: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Attributes: map[string]schema.Attribute{ "exec": schema.SingleNestedAttribute{ Description: "Exec specifies the action to take.", MarkdownDescription: "Exec specifies the action to take.", Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ - Description: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - MarkdownDescription: "Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + Description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + MarkdownDescription: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", ElementType: types.StringType, Required: false, Optional: true, @@ -6562,8 +6562,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "failure_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1.", + Description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6582,8 +6582,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "service": schema.StringAttribute{ - Description: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", - MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC.", + Description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", + MarkdownDescription: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", Required: false, Optional: true, Computed: false, @@ -6599,8 +6599,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "HTTPGet specifies the http request to perform.", Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ - Description: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", - MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead.", + Description: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", + MarkdownDescription: "Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.", Required: false, Optional: true, Computed: false, @@ -6612,8 +6612,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", - MarkdownDescription: "The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header.", + Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + MarkdownDescription: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", Required: true, Optional: false, Computed: false, @@ -6642,16 +6642,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, }, "scheme": schema.StringAttribute{ - Description: "Scheme to use for connecting to the host.Defaults to HTTP.", - MarkdownDescription: "Scheme to use for connecting to the host.Defaults to HTTP.", + Description: "Scheme to use for connecting to the host. Defaults to HTTP.", + MarkdownDescription: "Scheme to use for connecting to the host. Defaults to HTTP.", Required: false, Optional: true, Computed: false, @@ -6663,24 +6663,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "initial_delay_seconds": schema.Int64Attribute{ - Description: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, }, "period_seconds": schema.Int64Attribute{ - Description: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", - MarkdownDescription: "How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1.", + Description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + MarkdownDescription: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", Required: false, Optional: true, Computed: false, }, "success_threshold": schema.Int64Attribute{ - Description: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + Description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + MarkdownDescription: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", Required: false, Optional: true, Computed: false, @@ -6699,8 +6699,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "port": schema.StringAttribute{ - Description: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", - MarkdownDescription: "Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME.", + Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + MarkdownDescription: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", Required: true, Optional: false, Computed: false, @@ -6712,16 +6712,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "termination_grace_period_seconds": schema.Int64Attribute{ - Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + Description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + MarkdownDescription: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", Required: false, Optional: true, Computed: false, }, "timeout_seconds": schema.Int64Attribute{ - Description: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - MarkdownDescription: "Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + Description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + MarkdownDescription: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", Required: false, Optional: true, Computed: false, @@ -6733,40 +6733,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "stdin": schema.BoolAttribute{ - Description: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", - MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false.", + Description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + MarkdownDescription: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", Required: false, Optional: true, Computed: false, }, "stdin_once": schema.BoolAttribute{ - Description: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", - MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false", + Description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + MarkdownDescription: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", Required: false, Optional: true, Computed: false, }, "termination_message_path": schema.StringAttribute{ - Description: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", - MarkdownDescription: "Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated.", + Description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + MarkdownDescription: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "termination_message_policy": schema.StringAttribute{ - Description: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", - MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated.", + Description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + MarkdownDescription: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", Required: false, Optional: true, Computed: false, }, "tty": schema.BoolAttribute{ - Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", - MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false.", + Description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + MarkdownDescription: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", Required: false, Optional: true, Computed: false, @@ -6800,21 +6800,21 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "volume_mounts": schema.ListNestedAttribute{ - Description: "Pod volumes to mount into the container's filesystem.Cannot be updated.", - MarkdownDescription: "Pod volumes to mount into the container's filesystem.Cannot be updated.", + Description: "Pod volumes to mount into the container's filesystem. Cannot be updated.", + MarkdownDescription: "Pod volumes to mount into the container's filesystem. Cannot be updated.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mount_path": schema.StringAttribute{ - Description: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", - MarkdownDescription: "Path within the container at which the volume should be mounted. Mustnot contain ':'.", + Description: "Path within the container at which the volume should be mounted. Must not contain ':'.", + MarkdownDescription: "Path within the container at which the volume should be mounted. Must not contain ':'.", Required: true, Optional: false, Computed: false, }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, @@ -6829,24 +6829,24 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -6859,8 +6859,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "working_dir": schema.StringAttribute{ - Description: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", - MarkdownDescription: "Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated.", + Description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + MarkdownDescription: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", Required: false, Optional: true, Computed: false, @@ -6878,40 +6878,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -6929,8 +6929,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "rack_config": schema.SingleNestedAttribute{ - Description: "RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration", - MarkdownDescription: "RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration", + Description: "RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration", + MarkdownDescription: "RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration", Attributes: map[string]schema.Attribute{ "namespaces": schema.ListAttribute{ Description: "List of Aerospike namespaces for which rack feature will be enabled", @@ -6956,8 +6956,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "effective_aerospike_config": schema.MapAttribute{ - Description: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config", - MarkdownDescription: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config", + Description: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config", + MarkdownDescription: "Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config", ElementType: types.StringType, Required: false, Optional: true, @@ -6977,8 +6977,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -6999,16 +6999,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7035,16 +7035,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7077,8 +7077,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -7099,16 +7099,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7135,16 +7135,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7178,8 +7178,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -7187,8 +7187,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7204,16 +7204,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7227,8 +7227,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7241,8 +7241,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7250,8 +7250,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7259,8 +7259,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7276,16 +7276,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7299,8 +7299,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7313,8 +7313,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7322,8 +7322,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7335,8 +7335,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -7349,13 +7349,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7371,16 +7371,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7394,8 +7394,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7408,8 +7408,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7417,8 +7417,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7426,8 +7426,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7443,16 +7443,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7466,8 +7466,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7480,8 +7480,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7489,8 +7489,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7512,8 +7512,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -7521,8 +7521,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7538,16 +7538,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7561,8 +7561,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7575,8 +7575,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7584,8 +7584,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7593,8 +7593,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7610,16 +7610,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7633,8 +7633,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7647,8 +7647,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7656,8 +7656,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7669,8 +7669,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -7683,13 +7683,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7705,16 +7705,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7728,8 +7728,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7742,8 +7742,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7751,8 +7751,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7760,8 +7760,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7777,16 +7777,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -7800,8 +7800,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -7814,8 +7814,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -7823,8 +7823,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -7861,40 +7861,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -7920,8 +7920,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -7958,8 +7958,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -7969,8 +7969,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -7997,8 +7997,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -8035,8 +8035,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -8046,8 +8046,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -8075,32 +8075,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8125,8 +8125,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -8180,32 +8180,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8231,8 +8231,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -8267,32 +8267,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -8326,16 +8326,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -8347,16 +8347,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -8369,8 +8369,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -8390,20 +8390,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -8419,8 +8419,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -8472,16 +8472,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8495,8 +8495,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -8538,20 +8538,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -8563,16 +8563,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -8593,8 +8593,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -8611,8 +8611,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -8661,8 +8661,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes node affinity scheduling rules for the pod.", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "preference": schema.SingleNestedAttribute{ @@ -8683,16 +8683,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8719,16 +8719,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8761,8 +8761,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.SingleNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", Attributes: map[string]schema.Attribute{ "node_selector_terms": schema.ListNestedAttribute{ Description: "Required. A list of node selector terms. The terms are ORed.", @@ -8783,16 +8783,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8819,16 +8819,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - MarkdownDescription: "Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + MarkdownDescription: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8862,8 +8862,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -8871,8 +8871,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -8888,16 +8888,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8911,8 +8911,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -8925,8 +8925,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -8934,8 +8934,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -8943,8 +8943,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -8960,16 +8960,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -8983,8 +8983,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -8997,8 +8997,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9006,8 +9006,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9019,8 +9019,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -9033,13 +9033,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9055,16 +9055,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9078,8 +9078,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9092,8 +9092,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9101,8 +9101,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9110,8 +9110,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9127,16 +9127,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9150,8 +9150,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9164,8 +9164,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9173,8 +9173,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9196,8 +9196,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", Attributes: map[string]schema.Attribute{ "preferred_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", - MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred.", + Description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + MarkdownDescription: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "pod_affinity_term": schema.SingleNestedAttribute{ @@ -9205,8 +9205,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9222,16 +9222,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9245,8 +9245,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9259,8 +9259,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9268,8 +9268,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9277,8 +9277,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9294,16 +9294,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9317,8 +9317,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9331,8 +9331,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9340,8 +9340,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9353,8 +9353,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "weight": schema.Int64Attribute{ - Description: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", - MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm,in the range 1-100.", + Description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + MarkdownDescription: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", Required: true, Optional: false, Computed: false, @@ -9367,13 +9367,13 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "required_during_scheduling_ignored_during_execution": schema.ListNestedAttribute{ - Description: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", - MarkdownDescription: "If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied.", + Description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + MarkdownDescription: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9389,16 +9389,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9412,8 +9412,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9426,8 +9426,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9435,8 +9435,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -9444,8 +9444,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", - MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", + Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", + MarkdownDescription: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9461,16 +9461,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -9484,8 +9484,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -9498,8 +9498,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "namespaces": schema.ListAttribute{ - Description: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", - MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + Description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", + MarkdownDescription: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.", ElementType: types.StringType, Required: false, Optional: true, @@ -9507,8 +9507,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "topology_key": schema.StringAttribute{ - Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", - MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed.", + Description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + MarkdownDescription: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", Required: true, Optional: false, Computed: false, @@ -9545,40 +9545,40 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "effect": schema.StringAttribute{ - Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", Required: false, Optional: true, Computed: false, }, "key": schema.StringAttribute{ - Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", Required: false, Optional: true, Computed: false, }, "operator": schema.StringAttribute{ - Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", - MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", Required: false, Optional: true, Computed: false, }, "toleration_seconds": schema.Int64Attribute{ - Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", - MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", Required: false, Optional: true, Computed: false, }, "value": schema.StringAttribute{ - Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", - MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", Required: false, Optional: true, Computed: false, @@ -9596,8 +9596,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "rack_label": schema.StringAttribute{ - Description: "RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", - MarkdownDescription: "RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", + Description: "RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", + MarkdownDescription: "RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: }", Required: false, Optional: true, Computed: false, @@ -9620,8 +9620,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -9658,8 +9658,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -9669,8 +9669,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -9697,8 +9697,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -9735,8 +9735,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -9746,8 +9746,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -9775,32 +9775,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -9825,8 +9825,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -9880,32 +9880,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -9931,8 +9931,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -9967,32 +9967,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10026,16 +10026,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -10047,16 +10047,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -10069,8 +10069,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -10090,20 +10090,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -10119,8 +10119,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -10172,16 +10172,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -10195,8 +10195,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -10238,20 +10238,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -10263,16 +10263,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -10293,8 +10293,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -10311,8 +10311,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10369,12 +10369,12 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "seeds_finder_services": schema.SingleNestedAttribute{ - Description: "SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes.", - MarkdownDescription: "SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes.", + Description: "SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes.", + MarkdownDescription: "SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes.", Attributes: map[string]schema.Attribute{ "load_balancer": schema.SingleNestedAttribute{ - Description: "LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster.", - MarkdownDescription: "LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster.", + Description: "LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster.", + MarkdownDescription: "LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster.", Attributes: map[string]schema.Attribute{ "annotations": schema.MapAttribute{ Description: "", @@ -10386,8 +10386,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "external_traffic_policy": schema.StringAttribute{ - Description: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs.", - MarkdownDescription: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs.", + Description: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs.", + MarkdownDescription: "ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs.", Required: false, Optional: true, Computed: false, @@ -10418,8 +10418,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "target_port": schema.Int64Attribute{ - Description: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used.", - MarkdownDescription: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used.", + Description: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used.", + MarkdownDescription: "TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used.", Required: false, Optional: true, Computed: false, @@ -10456,8 +10456,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "BlockVolumePolicy contains default policies for block volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10494,8 +10494,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10505,8 +10505,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10533,8 +10533,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "FileSystemVolumePolicy contains default policies for filesystem volumes.", Attributes: map[string]schema.Attribute{ "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10571,8 +10571,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10582,8 +10582,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -10611,32 +10611,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10661,8 +10661,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "cascade_delete": schema.BoolAttribute{ - Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", - MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster.", + Description: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", + MarkdownDescription: "CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster.", Required: false, Optional: true, Computed: false, @@ -10716,32 +10716,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10767,8 +10767,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "init_method": schema.StringAttribute{ - Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", - MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'.", + Description: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", + MarkdownDescription: "InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'.", Required: false, Optional: true, Computed: false, @@ -10803,32 +10803,32 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", Required: false, Optional: true, Computed: false, }, "read_only": schema.BoolAttribute{ - Description: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", - MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false.", + Description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + MarkdownDescription: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", Required: false, Optional: true, Computed: false, }, "sub_path": schema.StringAttribute{ - Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", - MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", + Description: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", + MarkdownDescription: "Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).", Required: false, Optional: true, Computed: false, }, "sub_path_expr": schema.StringAttribute{ - Description: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", - MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive.", + Description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", + MarkdownDescription: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.", Required: false, Optional: true, Computed: false, @@ -10862,16 +10862,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "ConfigMap represents a configMap that should populate this volume", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -10883,16 +10883,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -10905,8 +10905,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "name": schema.StringAttribute{ - Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", - MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, @@ -10926,20 +10926,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "empty_dir": schema.SingleNestedAttribute{ - Description: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Attributes: map[string]schema.Attribute{ "medium": schema.StringAttribute{ - Description: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, }, "size_limit": schema.StringAttribute{ - Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + MarkdownDescription: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", Required: false, Optional: true, Computed: false, @@ -10955,8 +10955,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods.", Attributes: map[string]schema.Attribute{ "access_modes": schema.ListAttribute{ - Description: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", - MarkdownDescription: "Name for creating PVC for this volume, Name or path should be givenName string 'json:'name''", + Description: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", + MarkdownDescription: "Name for creating PVC for this volume, Name or path should be given Name string 'json:'name''", ElementType: types.StringType, Required: false, Optional: true, @@ -11008,16 +11008,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -11031,8 +11031,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -11074,20 +11074,20 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret": schema.SingleNestedAttribute{ - Description: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", - MarkdownDescription: "Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling.", + Description: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + MarkdownDescription: "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", Attributes: map[string]schema.Attribute{ "default_mode": schema.Int64Attribute{ - Description: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "items": schema.ListNestedAttribute{ - Description: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", + Description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -11099,16 +11099,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", Required: true, Optional: false, Computed: false, @@ -11129,8 +11129,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "secret_name": schema.StringAttribute{ - Description: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + Description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + MarkdownDescription: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", Required: false, Optional: true, Computed: false, @@ -11147,8 +11147,8 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte }, "wipe_method": schema.StringAttribute{ - Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", - MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges.", + Description: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", + MarkdownDescription: "WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes.", Required: false, Optional: true, Computed: false, @@ -11173,16 +11173,16 @@ func (r *AsdbAerospikeComAerospikeClusterV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "ValidationPolicy controls validation of the Aerospike cluster resource.", Attributes: map[string]schema.Attribute{ "skip_work_dir_validate": schema.BoolAttribute{ - Description: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false.", - MarkdownDescription: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false.", + Description: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false.", + MarkdownDescription: "skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false.", Required: true, Optional: false, Computed: false, }, "skip_xdr_dlog_file_validate": schema.BoolAttribute{ - Description: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false.", - MarkdownDescription: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false.", + Description: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false.", + MarkdownDescription: "ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go index b316f8539..130e3199c 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go @@ -1925,8 +1925,8 @@ func (r *CamelApacheOrgIntegrationPlatformV1Manifest) Schema(_ context.Context, }, "use_ssa": schema.BoolAttribute{ - Description: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", - MarkdownDescription: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + Description: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + MarkdownDescription: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go index 88829f8e3..f4c3ec896 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go @@ -1711,8 +1711,8 @@ func (r *CamelApacheOrgIntegrationProfileV1Manifest) Schema(_ context.Context, _ }, "use_ssa": schema.BoolAttribute{ - Description: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", - MarkdownDescription: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + Description: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + MarkdownDescription: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go index 1c0d2f867..bb2abe1eb 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go @@ -9799,8 +9799,8 @@ func (r *CamelApacheOrgIntegrationV1Manifest) Schema(_ context.Context, _ dataso }, "use_ssa": schema.BoolAttribute{ - Description: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", - MarkdownDescription: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + Description: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + MarkdownDescription: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go index 47c652c25..69cd09a3e 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go @@ -9868,8 +9868,8 @@ func (r *CamelApacheOrgPipeV1Manifest) Schema(_ context.Context, _ datasource.Sc }, "use_ssa": schema.BoolAttribute{ - Description: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", - MarkdownDescription: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + Description: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + MarkdownDescription: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go b/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go index 7d02ca41d..b083c6960 100644 --- a/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go +++ b/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go @@ -9994,8 +9994,8 @@ func (r *CamelApacheOrgKameletBindingV1Alpha1Manifest) Schema(_ context.Context, }, "use_ssa": schema.BoolAttribute{ - Description: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", - MarkdownDescription: "Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + Description: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", + MarkdownDescription: "Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_store_v1_manifest.go b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_store_v1_manifest.go index cb47b4c82..fbc57b929 100644 --- a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_store_v1_manifest.go +++ b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_store_v1_manifest.go @@ -534,19 +534,9 @@ type CephRookIoCephObjectStoreV1ManifestData struct { } `tfsdk:"s3" json:"s3,omitempty"` } `tfsdk:"security" json:"security,omitempty"` SharedPools *struct { - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` - PoolPlacements *[]struct { - DataNonECPoolName *string `tfsdk:"data_non_ec_pool_name" json:"dataNonECPoolName,omitempty"` - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - StorageClasses *[]struct { - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"storage_classes" json:"storageClasses,omitempty"` - } `tfsdk:"pool_placements" json:"poolPlacements,omitempty"` - PreserveRadosNamespaceDataOnDelete *bool `tfsdk:"preserve_rados_namespace_data_on_delete" json:"preserveRadosNamespaceDataOnDelete,omitempty"` + DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` + MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` + PreserveRadosNamespaceDataOnDelete *bool `tfsdk:"preserve_rados_namespace_data_on_delete" json:"preserveRadosNamespaceDataOnDelete,omitempty"` } `tfsdk:"shared_pools" json:"sharedPools,omitempty"` Zone *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -3944,106 +3934,19 @@ func (r *CephRookIoCephObjectStoreV1Manifest) Schema(_ context.Context, _ dataso "data_pool_name": schema.StringAttribute{ Description: "The data pool used for creating RADOS namespaces in the object store", MarkdownDescription: "The data pool used for creating RADOS namespaces in the object store", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, "metadata_pool_name": schema.StringAttribute{ Description: "The metadata pool used for creating RADOS namespaces in the object store", MarkdownDescription: "The metadata pool used for creating RADOS namespaces in the object store", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, - "pool_placements": schema.ListNestedAttribute{ - Description: "PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.", - MarkdownDescription: "PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "data_non_ec_pool_name": schema.StringAttribute{ - Description: "The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.", - MarkdownDescription: "The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.", - Required: false, - Optional: true, - Computed: false, - }, - - "data_pool_name": schema.StringAttribute{ - Description: "The data pool used to store ObjectStore objects data.", - MarkdownDescription: "The data pool used to store ObjectStore objects data.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "metadata_pool_name": schema.StringAttribute{ - Description: "The metadata pool used to store ObjectStore bucket index.", - MarkdownDescription: "The metadata pool used to store ObjectStore bucket index.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "name": schema.StringAttribute{ - Description: "Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default.", - MarkdownDescription: "Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-zA-Z0-9._/-]+$`), ""), - }, - }, - - "storage_classes": schema.ListNestedAttribute{ - Description: "StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class.", - MarkdownDescription: "StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "data_pool_name": schema.StringAttribute{ - Description: "DataPoolName is the data pool used to store ObjectStore objects data.", - MarkdownDescription: "DataPoolName is the data pool used to store ObjectStore objects data.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "name": schema.StringAttribute{ - Description: "Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/", - MarkdownDescription: "Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-zA-Z0-9._/-]+$`), ""), - }, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "preserve_rados_namespace_data_on_delete": schema.BoolAttribute{ Description: "Whether the RADOS namespaces should be preserved on deletion of the object store", MarkdownDescription: "Whether the RADOS namespaces should be preserved on deletion of the object store", diff --git a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_zone_v1_manifest.go b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_zone_v1_manifest.go index 9de2c1a17..b12efb59a 100644 --- a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_zone_v1_manifest.go +++ b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_object_zone_v1_manifest.go @@ -148,19 +148,9 @@ type CephRookIoCephObjectZoneV1ManifestData struct { } `tfsdk:"metadata_pool" json:"metadataPool,omitempty"` PreservePoolsOnDelete *bool `tfsdk:"preserve_pools_on_delete" json:"preservePoolsOnDelete,omitempty"` SharedPools *struct { - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` - PoolPlacements *[]struct { - DataNonECPoolName *string `tfsdk:"data_non_ec_pool_name" json:"dataNonECPoolName,omitempty"` - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - StorageClasses *[]struct { - DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"storage_classes" json:"storageClasses,omitempty"` - } `tfsdk:"pool_placements" json:"poolPlacements,omitempty"` - PreserveRadosNamespaceDataOnDelete *bool `tfsdk:"preserve_rados_namespace_data_on_delete" json:"preserveRadosNamespaceDataOnDelete,omitempty"` + DataPoolName *string `tfsdk:"data_pool_name" json:"dataPoolName,omitempty"` + MetadataPoolName *string `tfsdk:"metadata_pool_name" json:"metadataPoolName,omitempty"` + PreserveRadosNamespaceDataOnDelete *bool `tfsdk:"preserve_rados_namespace_data_on_delete" json:"preserveRadosNamespaceDataOnDelete,omitempty"` } `tfsdk:"shared_pools" json:"sharedPools,omitempty"` ZoneGroup *string `tfsdk:"zone_group" json:"zoneGroup,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` @@ -983,106 +973,19 @@ func (r *CephRookIoCephObjectZoneV1Manifest) Schema(_ context.Context, _ datasou "data_pool_name": schema.StringAttribute{ Description: "The data pool used for creating RADOS namespaces in the object store", MarkdownDescription: "The data pool used for creating RADOS namespaces in the object store", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, "metadata_pool_name": schema.StringAttribute{ Description: "The metadata pool used for creating RADOS namespaces in the object store", MarkdownDescription: "The metadata pool used for creating RADOS namespaces in the object store", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, - "pool_placements": schema.ListNestedAttribute{ - Description: "PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.", - MarkdownDescription: "PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "data_non_ec_pool_name": schema.StringAttribute{ - Description: "The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.", - MarkdownDescription: "The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.", - Required: false, - Optional: true, - Computed: false, - }, - - "data_pool_name": schema.StringAttribute{ - Description: "The data pool used to store ObjectStore objects data.", - MarkdownDescription: "The data pool used to store ObjectStore objects data.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "metadata_pool_name": schema.StringAttribute{ - Description: "The metadata pool used to store ObjectStore bucket index.", - MarkdownDescription: "The metadata pool used to store ObjectStore bucket index.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "name": schema.StringAttribute{ - Description: "Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default.", - MarkdownDescription: "Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-zA-Z0-9._/-]+$`), ""), - }, - }, - - "storage_classes": schema.ListNestedAttribute{ - Description: "StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class.", - MarkdownDescription: "StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "data_pool_name": schema.StringAttribute{ - Description: "DataPoolName is the data pool used to store ObjectStore objects data.", - MarkdownDescription: "DataPoolName is the data pool used to store ObjectStore objects data.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - }, - }, - - "name": schema.StringAttribute{ - Description: "Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/", - MarkdownDescription: "Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtLeast(1), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-zA-Z0-9._/-]+$`), ""), - }, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "preserve_rados_namespace_data_on_delete": schema.BoolAttribute{ Description: "Whether the RADOS namespaces should be preserved on deletion of the object store", MarkdownDescription: "Whether the RADOS namespaces should be preserved on deletion of the object store", diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.go index de63ae7b6..79a23e8a2 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.go @@ -131,29 +131,29 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "backend_services": schema.ListNestedAttribute{ - Description: "BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time.", - MarkdownDescription: "BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time.", + Description: "BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time.", + MarkdownDescription: "BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", - MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", + Description: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", + MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", Required: true, Optional: false, Computed: false, }, "namespace": schema.StringAttribute{ - Description: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", - MarkdownDescription: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + Description: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + MarkdownDescription: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", Required: false, Optional: true, Computed: false, }, "number": schema.ListAttribute{ - Description: "Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers.", - MarkdownDescription: "Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers.", + Description: "Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers.", + MarkdownDescription: "Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers.", ElementType: types.StringType, Required: false, Optional: true, @@ -167,8 +167,8 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes.", - MarkdownDescription: "NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes.", + Description: "NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes.", + MarkdownDescription: "NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -184,8 +184,8 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -195,8 +195,8 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -210,8 +210,8 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -224,46 +224,46 @@ func (r *CiliumIoCiliumClusterwideEnvoyConfigV2Manifest) Schema(_ context.Contex }, "resources": schema.ListAttribute{ - Description: "Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", - MarkdownDescription: "Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", + Description: "Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", + MarkdownDescription: "Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", ElementType: types.MapType{ElemType: types.StringType}, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, "services": schema.ListNestedAttribute{ - Description: "Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS.", - MarkdownDescription: "Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS.", + Description: "Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS.", + MarkdownDescription: "Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.StringAttribute{ - Description: "Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused.", - MarkdownDescription: "Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused.", + Description: "Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used.", + MarkdownDescription: "Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", - MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", + Description: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", + MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", Required: true, Optional: false, Computed: false, }, "namespace": schema.StringAttribute{ - Description: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", - MarkdownDescription: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + Description: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + MarkdownDescription: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", Required: false, Optional: true, Computed: false, }, "ports": schema.ListAttribute{ - Description: "Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected.", - MarkdownDescription: "Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected.", + Description: "Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected.", + MarkdownDescription: "Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_network_policy_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_network_policy_v2_manifest.go index dc4740305..5e1402bfc 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_network_policy_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_clusterwide_network_policy_v2_manifest.go @@ -855,8 +855,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Metadata(_ context.Co func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with anmodified version of CiliumNetworkPolicy which is cluster scoped rather thannamespace scoped.", - MarkdownDescription: "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with anmodified version of CiliumNetworkPolicy which is cluster scoped rather thannamespace scoped.", + Description: "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped.", + MarkdownDescription: "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -915,16 +915,16 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont MarkdownDescription: "Spec is the desired Cilium specific rule specification.", Attributes: map[string]schema.Attribute{ "description": schema.StringAttribute{ - Description: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", - MarkdownDescription: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", + Description: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + MarkdownDescription: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", Required: false, Optional: true, Computed: false, }, "egress": schema.ListNestedAttribute{ - Description: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", + Description: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -948,8 +948,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -958,8 +958,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -969,8 +969,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -989,8 +989,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -998,8 +998,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -1011,8 +1011,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -1023,8 +1023,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -1038,8 +1038,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1056,8 +1056,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1067,8 +1067,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1082,8 +1082,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1097,8 +1097,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -1106,13 +1106,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_fqd_ns": schema.ListNestedAttribute{ - Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", - MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", + Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", + MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -1122,8 +1122,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -1139,8 +1139,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -1194,8 +1194,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1212,8 +1212,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1223,8 +1223,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1238,8 +1238,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1253,21 +1253,21 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -1277,8 +1277,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -1304,8 +1304,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -1321,28 +1321,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1353,8 +1353,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1366,8 +1366,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -1396,8 +1396,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -1407,8 +1407,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -1424,8 +1424,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -1433,8 +1433,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -1444,8 +1444,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -1466,13 +1466,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -1493,8 +1493,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1505,8 +1505,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1518,8 +1518,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -1532,8 +1532,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -1541,24 +1541,24 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -1576,32 +1576,32 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -1611,8 +1611,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -1650,8 +1650,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -1659,28 +1659,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1691,8 +1691,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1704,8 +1704,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -1723,8 +1723,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1741,8 +1741,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1752,8 +1752,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1767,8 +1767,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1782,8 +1782,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -1841,8 +1841,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1852,8 +1852,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1867,8 +1867,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1898,13 +1898,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "egress_deny": schema.ListNestedAttribute{ - Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", + Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -1913,8 +1913,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -1924,8 +1924,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -1944,8 +1944,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -1953,8 +1953,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -1966,8 +1966,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -1978,8 +1978,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -1993,8 +1993,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2011,8 +2011,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2022,8 +2022,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2037,8 +2037,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2052,8 +2052,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -2061,8 +2061,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -2116,8 +2116,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2134,8 +2134,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2145,8 +2145,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2160,8 +2160,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2175,8 +2175,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -2197,8 +2197,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -2208,8 +2208,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -2231,8 +2231,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2249,8 +2249,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2260,8 +2260,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2275,8 +2275,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2290,8 +2290,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -2349,8 +2349,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2360,8 +2360,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2375,8 +2375,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2406,20 +2406,20 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "enable_default_deny": schema.SingleNestedAttribute{ - Description: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", - MarkdownDescription: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", + Description: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", + MarkdownDescription: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", Attributes: map[string]schema.Attribute{ "egress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", Required: false, Optional: true, Computed: false, }, "ingress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", Required: false, Optional: true, Computed: false, @@ -2431,8 +2431,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "endpoint_selector": schema.SingleNestedAttribute{ - Description: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", - MarkdownDescription: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", + Description: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + MarkdownDescription: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2448,8 +2448,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2459,8 +2459,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2474,8 +2474,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2488,8 +2488,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "ingress": schema.ListNestedAttribute{ - Description: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", + Description: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -2513,8 +2513,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -2522,8 +2522,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -2535,8 +2535,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -2547,8 +2547,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -2562,8 +2562,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2580,8 +2580,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2591,8 +2591,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2606,8 +2606,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2621,8 +2621,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -2630,8 +2630,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -2685,8 +2685,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2703,8 +2703,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2714,8 +2714,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2729,8 +2729,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2744,8 +2744,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2762,8 +2762,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2773,8 +2773,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2788,8 +2788,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2803,8 +2803,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -2813,8 +2813,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -2824,8 +2824,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -2844,21 +2844,21 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -2868,8 +2868,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -2895,8 +2895,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -2912,28 +2912,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -2944,8 +2944,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -2957,8 +2957,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -2987,8 +2987,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -2998,8 +2998,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -3015,8 +3015,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -3024,8 +3024,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -3035,8 +3035,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -3057,13 +3057,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -3084,8 +3084,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -3096,8 +3096,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -3109,8 +3109,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -3123,8 +3123,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -3132,24 +3132,24 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -3167,32 +3167,32 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -3202,8 +3202,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -3241,8 +3241,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -3250,28 +3250,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -3282,8 +3282,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -3295,8 +3295,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -3320,13 +3320,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "ingress_deny": schema.ListNestedAttribute{ - Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", + Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -3334,8 +3334,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -3347,8 +3347,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -3359,8 +3359,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -3374,8 +3374,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3392,8 +3392,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3403,8 +3403,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3418,8 +3418,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3433,8 +3433,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -3442,8 +3442,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -3497,8 +3497,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3515,8 +3515,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3526,8 +3526,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3541,8 +3541,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3556,8 +3556,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3574,8 +3574,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3585,8 +3585,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3600,8 +3600,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3615,8 +3615,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -3625,8 +3625,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -3636,8 +3636,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -3656,8 +3656,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -3678,8 +3678,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -3689,8 +3689,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -3718,8 +3718,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "labels": schema.ListNestedAttribute{ - Description: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", - MarkdownDescription: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", + Description: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + MarkdownDescription: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -3753,8 +3753,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", - MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + Description: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3770,8 +3770,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3781,8 +3781,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3796,8 +3796,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3820,16 +3820,16 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "description": schema.StringAttribute{ - Description: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", - MarkdownDescription: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", + Description: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + MarkdownDescription: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", Required: false, Optional: true, Computed: false, }, "egress": schema.ListNestedAttribute{ - Description: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", + Description: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -3853,8 +3853,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -3863,8 +3863,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -3874,8 +3874,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -3894,8 +3894,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -3903,8 +3903,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -3916,8 +3916,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -3928,8 +3928,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -3943,8 +3943,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3961,8 +3961,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3972,8 +3972,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3987,8 +3987,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4002,8 +4002,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -4011,13 +4011,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_fqd_ns": schema.ListNestedAttribute{ - Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", - MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", + Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", + MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -4027,8 +4027,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -4044,8 +4044,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -4099,8 +4099,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4117,8 +4117,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4128,8 +4128,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4143,8 +4143,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4158,21 +4158,21 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -4182,8 +4182,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -4209,8 +4209,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -4226,28 +4226,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4258,8 +4258,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4271,8 +4271,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -4301,8 +4301,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -4312,8 +4312,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -4329,8 +4329,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -4338,8 +4338,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -4349,8 +4349,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -4371,13 +4371,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -4398,8 +4398,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4410,8 +4410,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4423,8 +4423,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -4437,8 +4437,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -4446,24 +4446,24 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -4481,32 +4481,32 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -4516,8 +4516,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -4555,8 +4555,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -4564,28 +4564,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4596,8 +4596,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4609,8 +4609,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -4628,8 +4628,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4646,8 +4646,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4657,8 +4657,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4672,8 +4672,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4687,8 +4687,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -4746,8 +4746,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4757,8 +4757,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4772,8 +4772,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4803,13 +4803,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "egress_deny": schema.ListNestedAttribute{ - Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", + Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -4818,8 +4818,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -4829,8 +4829,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -4849,8 +4849,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -4858,8 +4858,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -4871,8 +4871,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -4883,8 +4883,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -4898,8 +4898,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4916,8 +4916,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4927,8 +4927,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4942,8 +4942,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4957,8 +4957,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -4966,8 +4966,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -5021,8 +5021,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5039,8 +5039,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5050,8 +5050,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5065,8 +5065,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5080,8 +5080,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -5102,8 +5102,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -5113,8 +5113,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -5136,8 +5136,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5154,8 +5154,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5165,8 +5165,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5180,8 +5180,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5195,8 +5195,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -5254,8 +5254,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5265,8 +5265,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5280,8 +5280,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5311,20 +5311,20 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "enable_default_deny": schema.SingleNestedAttribute{ - Description: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", - MarkdownDescription: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", + Description: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", + MarkdownDescription: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", Attributes: map[string]schema.Attribute{ "egress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", Required: false, Optional: true, Computed: false, }, "ingress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", Required: false, Optional: true, Computed: false, @@ -5336,8 +5336,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "endpoint_selector": schema.SingleNestedAttribute{ - Description: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", - MarkdownDescription: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", + Description: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + MarkdownDescription: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5353,8 +5353,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5364,8 +5364,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5379,8 +5379,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5393,8 +5393,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "ingress": schema.ListNestedAttribute{ - Description: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", + Description: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -5418,8 +5418,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -5427,8 +5427,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -5440,8 +5440,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -5452,8 +5452,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -5467,8 +5467,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5485,8 +5485,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5496,8 +5496,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5511,8 +5511,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5526,8 +5526,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -5535,8 +5535,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -5590,8 +5590,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5608,8 +5608,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5619,8 +5619,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5634,8 +5634,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5649,8 +5649,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5667,8 +5667,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5678,8 +5678,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5693,8 +5693,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5708,8 +5708,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -5718,8 +5718,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -5729,8 +5729,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -5749,21 +5749,21 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -5773,8 +5773,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -5800,8 +5800,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -5817,28 +5817,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -5849,8 +5849,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -5862,8 +5862,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -5892,8 +5892,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -5903,8 +5903,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -5920,8 +5920,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -5929,8 +5929,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -5940,8 +5940,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -5962,13 +5962,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -5989,8 +5989,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -6001,8 +6001,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -6014,8 +6014,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -6028,8 +6028,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -6037,24 +6037,24 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -6072,32 +6072,32 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -6107,8 +6107,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -6146,8 +6146,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -6155,28 +6155,28 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -6187,8 +6187,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -6200,8 +6200,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -6225,13 +6225,13 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "ingress_deny": schema.ListNestedAttribute{ - Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", + Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -6239,8 +6239,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -6252,8 +6252,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -6264,8 +6264,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -6279,8 +6279,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6297,8 +6297,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6308,8 +6308,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6323,8 +6323,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6338,8 +6338,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -6347,8 +6347,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -6402,8 +6402,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6420,8 +6420,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6431,8 +6431,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6446,8 +6446,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6461,8 +6461,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6479,8 +6479,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6490,8 +6490,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6505,8 +6505,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6520,8 +6520,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -6530,8 +6530,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -6541,8 +6541,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -6561,8 +6561,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -6583,8 +6583,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -6594,8 +6594,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -6623,8 +6623,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "labels": schema.ListNestedAttribute{ - Description: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", - MarkdownDescription: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", + Description: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + MarkdownDescription: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -6658,8 +6658,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", - MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + Description: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6675,8 +6675,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6686,8 +6686,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6701,8 +6701,8 @@ func (r *CiliumIoCiliumClusterwideNetworkPolicyV2Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_egress_gateway_policy_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_egress_gateway_policy_v2_manifest.go index 26e04171a..7a40abefb 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_egress_gateway_policy_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_egress_gateway_policy_v2_manifest.go @@ -42,7 +42,7 @@ type CiliumIoCiliumEgressGatewayPolicyV2ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - DestinationCIDRs *[]string `tfsdk:"destination_cid_rs" json:"destinationCIDRs,omitempty"` + DestinationCIDRs *[]string `tfsdk:"destination_cidrs" json:"destinationCIDRs,omitempty"` EgressGateway *struct { EgressIP *string `tfsdk:"egress_ip" json:"egressIP,omitempty"` Interface *string `tfsdk:"interface" json:"interface,omitempty"` @@ -55,7 +55,7 @@ type CiliumIoCiliumEgressGatewayPolicyV2ManifestData struct { MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"node_selector" json:"nodeSelector,omitempty"` } `tfsdk:"egress_gateway" json:"egressGateway,omitempty"` - ExcludedCIDRs *[]string `tfsdk:"excluded_cid_rs" json:"excludedCIDRs,omitempty"` + ExcludedCIDRs *[]string `tfsdk:"excluded_cidrs" json:"excludedCIDRs,omitempty"` Selectors *[]struct { NamespaceSelector *struct { MatchExpressions *[]struct { @@ -142,9 +142,9 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "destination_cid_rs": schema.ListAttribute{ - Description: "DestinationCIDRs is a list of destination CIDRs for destination IP addresses.If a destination IP matches any one CIDR, it will be selected.", - MarkdownDescription: "DestinationCIDRs is a list of destination CIDRs for destination IP addresses.If a destination IP matches any one CIDR, it will be selected.", + "destination_cidrs": schema.ListAttribute{ + Description: "DestinationCIDRs is a list of destination CIDRs for destination IP addresses. If a destination IP matches any one CIDR, it will be selected.", + MarkdownDescription: "DestinationCIDRs is a list of destination CIDRs for destination IP addresses. If a destination IP matches any one CIDR, it will be selected.", ElementType: types.StringType, Required: true, Optional: false, @@ -156,24 +156,24 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, MarkdownDescription: "EgressGateway is the gateway node responsible for SNATing traffic.", Attributes: map[string]schema.Attribute{ "egress_ip": schema.StringAttribute{ - Description: "EgressIP is the source IP address that the egress traffic is SNATedwith.Example:When set to '192.168.1.100', matching egress traffic will beredirected to the node matching the NodeSelector field and SNATedwith IP address 192.168.1.100.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route.", - MarkdownDescription: "EgressIP is the source IP address that the egress traffic is SNATedwith.Example:When set to '192.168.1.100', matching egress traffic will beredirected to the node matching the NodeSelector field and SNATedwith IP address 192.168.1.100.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route.", + Description: "EgressIP is the source IP address that the egress traffic is SNATed with. Example: When set to '192.168.1.100', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with IP address 192.168.1.100. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route.", + MarkdownDescription: "EgressIP is the source IP address that the egress traffic is SNATed with. Example: When set to '192.168.1.100', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with IP address 192.168.1.100. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route.", Required: false, Optional: true, Computed: false, }, "interface": schema.StringAttribute{ - Description: "Interface is the network interface to which the egress IP addressthat the traffic is SNATed with is assigned.Example:When set to 'eth1', matching egress traffic will be redirected to thenode matching the NodeSelector field and SNATed with the first IPv4address assigned to the eth1 interface.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route.", - MarkdownDescription: "Interface is the network interface to which the egress IP addressthat the traffic is SNATed with is assigned.Example:When set to 'eth1', matching egress traffic will be redirected to thenode matching the NodeSelector field and SNATed with the first IPv4address assigned to the eth1 interface.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route.", + Description: "Interface is the network interface to which the egress IP address that the traffic is SNATed with is assigned. Example: When set to 'eth1', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with the first IPv4 address assigned to the eth1 interface. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route.", + MarkdownDescription: "Interface is the network interface to which the egress IP address that the traffic is SNATed with is assigned. Example: When set to 'eth1', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with the first IPv4 address assigned to the eth1 interface. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route.", Required: false, Optional: true, Computed: false, }, "node_selector": schema.SingleNestedAttribute{ - Description: "This is a label selector which selects the node that should act asegress gateway for the given policy.In case multiple nodes are selected, only the first one in thelexical ordering over the node names will be used.This field follows standard label selector semantics.", - MarkdownDescription: "This is a label selector which selects the node that should act asegress gateway for the given policy.In case multiple nodes are selected, only the first one in thelexical ordering over the node names will be used.This field follows standard label selector semantics.", + Description: "This is a label selector which selects the node that should act as egress gateway for the given policy. In case multiple nodes are selected, only the first one in the lexical ordering over the node names will be used. This field follows standard label selector semantics.", + MarkdownDescription: "This is a label selector which selects the node that should act as egress gateway for the given policy. In case multiple nodes are selected, only the first one in the lexical ordering over the node names will be used. This field follows standard label selector semantics.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -189,8 +189,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -200,8 +200,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -215,8 +215,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -233,9 +233,9 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, Computed: false, }, - "excluded_cid_rs": schema.ListAttribute{ - Description: "ExcludedCIDRs is a list of destination CIDRs that will be excludedfrom the egress gateway redirection and SNAT logic.Should be a subset of destinationCIDRs otherwise it will not have anyeffect.", - MarkdownDescription: "ExcludedCIDRs is a list of destination CIDRs that will be excludedfrom the egress gateway redirection and SNAT logic.Should be a subset of destinationCIDRs otherwise it will not have anyeffect.", + "excluded_cidrs": schema.ListAttribute{ + Description: "ExcludedCIDRs is a list of destination CIDRs that will be excluded from the egress gateway redirection and SNAT logic. Should be a subset of destinationCIDRs otherwise it will not have any effect.", + MarkdownDescription: "ExcludedCIDRs is a list of destination CIDRs that will be excluded from the egress gateway redirection and SNAT logic. Should be a subset of destinationCIDRs otherwise it will not have any effect.", ElementType: types.StringType, Required: false, Optional: true, @@ -243,13 +243,13 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "selectors": schema.ListNestedAttribute{ - Description: "Egress represents a list of rules by which egress traffic isfiltered from the source pods.", - MarkdownDescription: "Egress represents a list of rules by which egress traffic isfiltered from the source pods.", + Description: "Egress represents a list of rules by which egress traffic is filtered from the source pods.", + MarkdownDescription: "Egress represents a list of rules by which egress traffic is filtered from the source pods.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "namespace_selector": schema.SingleNestedAttribute{ - Description: "Selects Namespaces using cluster-scoped labels. This field follows standard labelselector semantics; if present but empty, it selects all namespaces.", - MarkdownDescription: "Selects Namespaces using cluster-scoped labels. This field follows standard labelselector semantics; if present but empty, it selects all namespaces.", + Description: "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.", + MarkdownDescription: "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -265,8 +265,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -276,8 +276,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -291,8 +291,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -305,8 +305,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "pod_selector": schema.SingleNestedAttribute{ - Description: "This is a label selector which selects Pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.", - MarkdownDescription: "This is a label selector which selects Pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.", + Description: "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.", + MarkdownDescription: "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -322,8 +322,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -333,8 +333,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -348,8 +348,8 @@ func (r *CiliumIoCiliumEgressGatewayPolicyV2Manifest) Schema(_ context.Context, }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_envoy_config_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_envoy_config_v2_manifest.go index 0f7dad17e..40369a035 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_envoy_config_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_envoy_config_v2_manifest.go @@ -144,29 +144,29 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso MarkdownDescription: "", Attributes: map[string]schema.Attribute{ "backend_services": schema.ListNestedAttribute{ - Description: "BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time.", - MarkdownDescription: "BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time.", + Description: "BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time.", + MarkdownDescription: "BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", - MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", + Description: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", + MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", Required: true, Optional: false, Computed: false, }, "namespace": schema.StringAttribute{ - Description: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", - MarkdownDescription: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + Description: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + MarkdownDescription: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", Required: false, Optional: true, Computed: false, }, "number": schema.ListAttribute{ - Description: "Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers.", - MarkdownDescription: "Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers.", + Description: "Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers.", + MarkdownDescription: "Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers.", ElementType: types.StringType, Required: false, Optional: true, @@ -180,8 +180,8 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes.", - MarkdownDescription: "NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes.", + Description: "NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes.", + MarkdownDescription: "NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -197,8 +197,8 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -208,8 +208,8 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -223,8 +223,8 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -237,46 +237,46 @@ func (r *CiliumIoCiliumEnvoyConfigV2Manifest) Schema(_ context.Context, _ dataso }, "resources": schema.ListAttribute{ - Description: "Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", - MarkdownDescription: "Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", + Description: "Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", + MarkdownDescription: "Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret.", ElementType: types.MapType{ElemType: types.StringType}, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, "services": schema.ListNestedAttribute{ - Description: "Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS.", - MarkdownDescription: "Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS.", + Description: "Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS.", + MarkdownDescription: "Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.StringAttribute{ - Description: "Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused.", - MarkdownDescription: "Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused.", + Description: "Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used.", + MarkdownDescription: "Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used.", Required: false, Optional: true, Computed: false, }, "name": schema.StringAttribute{ - Description: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", - MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.", + Description: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", + MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected.", Required: true, Optional: false, Computed: false, }, "namespace": schema.StringAttribute{ - Description: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", - MarkdownDescription: "Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + Description: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", + MarkdownDescription: "Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'.", Required: false, Optional: true, Computed: false, }, "ports": schema.ListAttribute{ - Description: "Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected.", - MarkdownDescription: "Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected.", + Description: "Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected.", + MarkdownDescription: "Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_external_workload_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_external_workload_v2_manifest.go index a5675c2f3..b9b91abe6 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_external_workload_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_external_workload_v2_manifest.go @@ -54,8 +54,8 @@ func (r *CiliumIoCiliumExternalWorkloadV2Manifest) Metadata(_ context.Context, r func (r *CiliumIoCiliumExternalWorkloadV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumExternalWorkload is a Kubernetes Custom Resource thatcontains a specification for an external workload that can join thecluster. The name of the CRD is the FQDN of the external workload,and it needs to match the name in the workload registration. Thelabels on the CRD object are the labels that will be used toallocate a Cilium Identity for the external workload. If'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labelsare not explicitly specified, they will be defaulted to 'default'and , respectively. 'io.cilium.k8s.policy.cluster'will always be defined as the name of the current cluster, whichdefaults to 'default'.", - MarkdownDescription: "CiliumExternalWorkload is a Kubernetes Custom Resource thatcontains a specification for an external workload that can join thecluster. The name of the CRD is the FQDN of the external workload,and it needs to match the name in the workload registration. Thelabels on the CRD object are the labels that will be used toallocate a Cilium Identity for the external workload. If'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labelsare not explicitly specified, they will be defaulted to 'default'and , respectively. 'io.cilium.k8s.policy.cluster'will always be defined as the name of the current cluster, whichdefaults to 'default'.", + Description: "CiliumExternalWorkload is a Kubernetes Custom Resource that contains a specification for an external workload that can join the cluster. The name of the CRD is the FQDN of the external workload, and it needs to match the name in the workload registration. The labels on the CRD object are the labels that will be used to allocate a Cilium Identity for the external workload. If 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels are not explicitly specified, they will be defaulted to 'default' and , respectively. 'io.cilium.k8s.policy.cluster' will always be defined as the name of the current cluster, which defaults to 'default'.", + MarkdownDescription: "CiliumExternalWorkload is a Kubernetes Custom Resource that contains a specification for an external workload that can join the cluster. The name of the CRD is the FQDN of the external workload, and it needs to match the name in the workload registration. The labels on the CRD object are the labels that will be used to allocate a Cilium Identity for the external workload. If 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels are not explicitly specified, they will be defaulted to 'default' and , respectively. 'io.cilium.k8s.policy.cluster' will always be defined as the name of the current cluster, which defaults to 'default'.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -114,8 +114,8 @@ func (r *CiliumIoCiliumExternalWorkloadV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Spec is the desired configuration of the external Cilium workload.", Attributes: map[string]schema.Attribute{ "ipv4_alloc_cidr": schema.StringAttribute{ - Description: "IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint.", - MarkdownDescription: "IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint.", + Description: "IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint.", + MarkdownDescription: "IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint.", Required: false, Optional: true, Computed: false, @@ -125,8 +125,8 @@ func (r *CiliumIoCiliumExternalWorkloadV2Manifest) Schema(_ context.Context, _ d }, "ipv6_alloc_cidr": schema.StringAttribute{ - Description: "IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint.", - MarkdownDescription: "IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint.", + Description: "IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint.", + MarkdownDescription: "IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_identity_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_identity_v2_manifest.go index 9712ebbe2..00478d1d7 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_identity_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_identity_v2_manifest.go @@ -50,8 +50,8 @@ func (r *CiliumIoCiliumIdentityV2Manifest) Metadata(_ context.Context, request d func (r *CiliumIoCiliumIdentityV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumIdentity is a CRD that represents an identity managed by Cilium.It is intended as a backing store for identity allocation, acting as theglobal coordination backend, and can be used in place of a KVStore (such asetcd).The name of the CRD is the numeric identity and the labels on the CRD objectare the kubernetes sourced labels seen by cilium. This is currently theonly label source possible when running under kubernetes. Non-kuberneteslabels are filtered but all labels, from all sources, are places in theSecurityLabels field. These also include the source and are used to definethe identity.The labels under metav1.ObjectMeta can be used when searching forCiliumIdentity instances that include particular labels. This can be donewith invocations such as: kubectl get ciliumid -l 'foo=bar'", - MarkdownDescription: "CiliumIdentity is a CRD that represents an identity managed by Cilium.It is intended as a backing store for identity allocation, acting as theglobal coordination backend, and can be used in place of a KVStore (such asetcd).The name of the CRD is the numeric identity and the labels on the CRD objectare the kubernetes sourced labels seen by cilium. This is currently theonly label source possible when running under kubernetes. Non-kuberneteslabels are filtered but all labels, from all sources, are places in theSecurityLabels field. These also include the source and are used to definethe identity.The labels under metav1.ObjectMeta can be used when searching forCiliumIdentity instances that include particular labels. This can be donewith invocations such as: kubectl get ciliumid -l 'foo=bar'", + Description: "CiliumIdentity is a CRD that represents an identity managed by Cilium. It is intended as a backing store for identity allocation, acting as the global coordination backend, and can be used in place of a KVStore (such as etcd). The name of the CRD is the numeric identity and the labels on the CRD object are the kubernetes sourced labels seen by cilium. This is currently the only label source possible when running under kubernetes. Non-kubernetes labels are filtered but all labels, from all sources, are places in the SecurityLabels field. These also include the source and are used to define the identity. The labels under metav1.ObjectMeta can be used when searching for CiliumIdentity instances that include particular labels. This can be done with invocations such as: kubectl get ciliumid -l 'foo=bar'", + MarkdownDescription: "CiliumIdentity is a CRD that represents an identity managed by Cilium. It is intended as a backing store for identity allocation, acting as the global coordination backend, and can be used in place of a KVStore (such as etcd). The name of the CRD is the numeric identity and the labels on the CRD object are the kubernetes sourced labels seen by cilium. This is currently the only label source possible when running under kubernetes. Non-kubernetes labels are filtered but all labels, from all sources, are places in the SecurityLabels field. These also include the source and are used to define the identity. The labels under metav1.ObjectMeta can be used when searching for CiliumIdentity instances that include particular labels. This can be done with invocations such as: kubectl get ciliumid -l 'foo=bar'", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_local_redirect_policy_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_local_redirect_policy_v2_manifest.go index f8b126ddb..0c6c572c8 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_local_redirect_policy_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_local_redirect_policy_v2_manifest.go @@ -89,8 +89,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Metadata(_ context.Context func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains aspecification to redirect traffic locally within a node.", - MarkdownDescription: "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains aspecification to redirect traffic locally within a node.", + Description: "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a specification to redirect traffic locally within a node.", + MarkdownDescription: "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a specification to redirect traffic locally within a node.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -161,16 +161,16 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, MarkdownDescription: "Spec is the desired behavior of the local redirect policy.", Attributes: map[string]schema.Attribute{ "description": schema.StringAttribute{ - Description: "Description can be used by the creator of the policy to describe thepurpose of this policy.", - MarkdownDescription: "Description can be used by the creator of the policy to describe thepurpose of this policy.", + Description: "Description can be used by the creator of the policy to describe the purpose of this policy.", + MarkdownDescription: "Description can be used by the creator of the policy to describe the purpose of this policy.", Required: false, Optional: true, Computed: false, }, "redirect_backend": schema.SingleNestedAttribute{ - Description: "RedirectBackend specifies backend configuration to redirect traffic to.It can not be empty.", - MarkdownDescription: "RedirectBackend specifies backend configuration to redirect traffic to.It can not be empty.", + Description: "RedirectBackend specifies backend configuration to redirect traffic to. It can not be empty.", + MarkdownDescription: "RedirectBackend specifies backend configuration to redirect traffic to. It can not be empty.", Attributes: map[string]schema.Attribute{ "local_endpoint_selector": schema.SingleNestedAttribute{ Description: "LocalEndpointSelector selects node local pod(s) where traffic is redirected to.", @@ -190,8 +190,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -201,8 +201,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -216,8 +216,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -230,13 +230,13 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of L4 ports with protocol of node local pod(s) where trafficis redirected to.When multiple ports are specified, the ports must be named.", - MarkdownDescription: "ToPorts is a list of L4 ports with protocol of node local pod(s) where trafficis redirected to.When multiple ports are specified, the ports must be named.", + Description: "ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic is redirected to. When multiple ports are specified, the ports must be named.", + MarkdownDescription: "ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic is redirected to. When multiple ports are specified, the ports must be named.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", - MarkdownDescription: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", + Description: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + MarkdownDescription: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", Required: false, Optional: true, Computed: false, @@ -257,8 +257,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", - MarkdownDescription: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", + Description: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", + MarkdownDescription: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", Required: true, Optional: false, Computed: false, @@ -279,16 +279,16 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "redirect_frontend": schema.SingleNestedAttribute{ - Description: "RedirectFrontend specifies frontend configuration to redirect traffic from.It can not be empty.", - MarkdownDescription: "RedirectFrontend specifies frontend configuration to redirect traffic from.It can not be empty.", + Description: "RedirectFrontend specifies frontend configuration to redirect traffic from. It can not be empty.", + MarkdownDescription: "RedirectFrontend specifies frontend configuration to redirect traffic from. It can not be empty.", Attributes: map[string]schema.Attribute{ "address_matcher": schema.SingleNestedAttribute{ - Description: "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to beredirected.", - MarkdownDescription: "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to beredirected.", + Description: "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be redirected.", + MarkdownDescription: "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be redirected.", Attributes: map[string]schema.Attribute{ "ip": schema.StringAttribute{ - Description: "IP is a destination ip address for traffic to be redirected.Example:When it is set to '169.254.169.254', traffic destined to'169.254.169.254' is redirected.", - MarkdownDescription: "IP is a destination ip address for traffic to be redirected.Example:When it is set to '169.254.169.254', traffic destined to'169.254.169.254' is redirected.", + Description: "IP is a destination ip address for traffic to be redirected. Example: When it is set to '169.254.169.254', traffic destined to '169.254.169.254' is redirected.", + MarkdownDescription: "IP is a destination ip address for traffic to be redirected. Example: When it is set to '169.254.169.254', traffic destined to '169.254.169.254' is redirected.", Required: true, Optional: false, Computed: false, @@ -298,13 +298,13 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination L4 ports with protocol for trafficto be redirected.When multiple ports are specified, the ports must be named.Example:When set to Port: '53' and Protocol: UDP, traffic destined to port '53'with UDP protocol is redirected.", - MarkdownDescription: "ToPorts is a list of destination L4 ports with protocol for trafficto be redirected.When multiple ports are specified, the ports must be named.Example:When set to Port: '53' and Protocol: UDP, traffic destined to port '53'with UDP protocol is redirected.", + Description: "ToPorts is a list of destination L4 ports with protocol for traffic to be redirected. When multiple ports are specified, the ports must be named. Example: When set to Port: '53' and Protocol: UDP, traffic destined to port '53' with UDP protocol is redirected.", + MarkdownDescription: "ToPorts is a list of destination L4 ports with protocol for traffic to be redirected. When multiple ports are specified, the ports must be named. Example: When set to Port: '53' and Protocol: UDP, traffic destined to port '53' with UDP protocol is redirected.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", - MarkdownDescription: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", + Description: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + MarkdownDescription: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", Required: false, Optional: true, Computed: false, @@ -325,8 +325,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", - MarkdownDescription: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", + Description: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", + MarkdownDescription: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", Required: true, Optional: false, Computed: false, @@ -347,33 +347,33 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "service_matcher": schema.SingleNestedAttribute{ - Description: "ServiceMatcher specifies Kubernetes service and port that matchestraffic to be redirected.", - MarkdownDescription: "ServiceMatcher specifies Kubernetes service and port that matchestraffic to be redirected.", + Description: "ServiceMatcher specifies Kubernetes service and port that matches traffic to be redirected.", + MarkdownDescription: "ServiceMatcher specifies Kubernetes service and port that matches traffic to be redirected.", Attributes: map[string]schema.Attribute{ "namespace": schema.StringAttribute{ - Description: "Namespace is the Kubernetes service namespace.The service namespace must match the namespace of the parent LocalRedirect Policy. For Cluster-wide Local Redirect Policy, thiscan be any namespace.", - MarkdownDescription: "Namespace is the Kubernetes service namespace.The service namespace must match the namespace of the parent LocalRedirect Policy. For Cluster-wide Local Redirect Policy, thiscan be any namespace.", + Description: "Namespace is the Kubernetes service namespace. The service namespace must match the namespace of the parent Local Redirect Policy. For Cluster-wide Local Redirect Policy, this can be any namespace.", + MarkdownDescription: "Namespace is the Kubernetes service namespace. The service namespace must match the namespace of the parent Local Redirect Policy. For Cluster-wide Local Redirect Policy, this can be any namespace.", Required: true, Optional: false, Computed: false, }, "service_name": schema.StringAttribute{ - Description: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.The service type needs to be ClusterIP.Example:When this field is populated with 'serviceName:myService', all the trafficdestined to the cluster IP of this service at the (specified)service port(s) will be redirected.", - MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies trafficto be redirected.The service type needs to be ClusterIP.Example:When this field is populated with 'serviceName:myService', all the trafficdestined to the cluster IP of this service at the (specified)service port(s) will be redirected.", + Description: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected. The service type needs to be ClusterIP. Example: When this field is populated with 'serviceName:myService', all the traffic destined to the cluster IP of this service at the (specified) service port(s) will be redirected.", + MarkdownDescription: "Name is the name of a destination Kubernetes service that identifies traffic to be redirected. The service type needs to be ClusterIP. Example: When this field is populated with 'serviceName:myService', all the traffic destined to the cluster IP of this service at the (specified) service port(s) will be redirected.", Required: true, Optional: false, Computed: false, }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination service L4 ports with protocol fortraffic to be redirected. If not specified, traffic for all the serviceports will be redirected.When multiple ports are specified, the ports must be named.", - MarkdownDescription: "ToPorts is a list of destination service L4 ports with protocol fortraffic to be redirected. If not specified, traffic for all the serviceports will be redirected.When multiple ports are specified, the ports must be named.", + Description: "ToPorts is a list of destination service L4 ports with protocol for traffic to be redirected. If not specified, traffic for all the service ports will be redirected. When multiple ports are specified, the ports must be named.", + MarkdownDescription: "ToPorts is a list of destination service L4 ports with protocol for traffic to be redirected. If not specified, traffic for all the service ports will be redirected. When multiple ports are specified, the ports must be named.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", - MarkdownDescription: "Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end.", + Description: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + MarkdownDescription: "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", Required: false, Optional: true, Computed: false, @@ -394,8 +394,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", - MarkdownDescription: "Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP'", + Description: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", + MarkdownDescription: "Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP'", Required: true, Optional: false, Computed: false, @@ -421,8 +421,8 @@ func (r *CiliumIoCiliumLocalRedirectPolicyV2Manifest) Schema(_ context.Context, }, "skip_redirect_from_backend": schema.BoolAttribute{ - Description: "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontendfrom RedirectBackend should skip redirection, and hence the traffic willbe forwarded as-is.The default is false which means traffic matching RedirectFrontend willget redirected from all pods, including the RedirectBackend(s).Example: If RedirectFrontend is configured to '169.254.169.254:80' as the trafficthat needs to be redirected to backends selected by RedirectBackend, ifSkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80'from such backends will not be redirected back to the backends. Instead,the matched traffic from the backends will be forwarded to the originaldestination '169.254.169.254:80'.", - MarkdownDescription: "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontendfrom RedirectBackend should skip redirection, and hence the traffic willbe forwarded as-is.The default is false which means traffic matching RedirectFrontend willget redirected from all pods, including the RedirectBackend(s).Example: If RedirectFrontend is configured to '169.254.169.254:80' as the trafficthat needs to be redirected to backends selected by RedirectBackend, ifSkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80'from such backends will not be redirected back to the backends. Instead,the matched traffic from the backends will be forwarded to the originaldestination '169.254.169.254:80'.", + Description: "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend from RedirectBackend should skip redirection, and hence the traffic will be forwarded as-is. The default is false which means traffic matching RedirectFrontend will get redirected from all pods, including the RedirectBackend(s). Example: If RedirectFrontend is configured to '169.254.169.254:80' as the traffic that needs to be redirected to backends selected by RedirectBackend, if SkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80' from such backends will not be redirected back to the backends. Instead, the matched traffic from the backends will be forwarded to the original destination '169.254.169.254:80'.", + MarkdownDescription: "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend from RedirectBackend should skip redirection, and hence the traffic will be forwarded as-is. The default is false which means traffic matching RedirectFrontend will get redirected from all pods, including the RedirectBackend(s). Example: If RedirectFrontend is configured to '169.254.169.254:80' as the traffic that needs to be redirected to backends selected by RedirectBackend, if SkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80' from such backends will not be redirected back to the backends. Instead, the matched traffic from the backends will be forwarded to the original destination '169.254.169.254:80'.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_network_policy_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_network_policy_v2_manifest.go index e70afdfe1..5156b82ef 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_network_policy_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_network_policy_v2_manifest.go @@ -856,8 +856,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Metadata(_ context.Context, requ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumNetworkPolicy is a Kubernetes third-party resource with an extendedversion of NetworkPolicy.", - MarkdownDescription: "CiliumNetworkPolicy is a Kubernetes third-party resource with an extendedversion of NetworkPolicy.", + Description: "CiliumNetworkPolicy is a Kubernetes third-party resource with an extended version of NetworkPolicy.", + MarkdownDescription: "CiliumNetworkPolicy is a Kubernetes third-party resource with an extended version of NetworkPolicy.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -928,16 +928,16 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data MarkdownDescription: "Spec is the desired Cilium specific rule specification.", Attributes: map[string]schema.Attribute{ "description": schema.StringAttribute{ - Description: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", - MarkdownDescription: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", + Description: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + MarkdownDescription: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", Required: false, Optional: true, Computed: false, }, "egress": schema.ListNestedAttribute{ - Description: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", + Description: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -961,8 +961,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -971,8 +971,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -982,8 +982,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -1002,8 +1002,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -1011,8 +1011,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -1024,8 +1024,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -1036,8 +1036,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -1051,8 +1051,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1069,8 +1069,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1080,8 +1080,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1095,8 +1095,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1110,8 +1110,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -1119,13 +1119,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_fqd_ns": schema.ListNestedAttribute{ - Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", - MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", + Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", + MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -1135,8 +1135,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -1152,8 +1152,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -1207,8 +1207,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1225,8 +1225,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1236,8 +1236,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1251,8 +1251,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1266,21 +1266,21 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -1290,8 +1290,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -1317,8 +1317,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -1334,28 +1334,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1366,8 +1366,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1379,8 +1379,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -1409,8 +1409,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -1420,8 +1420,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -1437,8 +1437,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -1446,8 +1446,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -1457,8 +1457,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -1479,13 +1479,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -1506,8 +1506,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1518,8 +1518,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1531,8 +1531,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -1545,8 +1545,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -1554,24 +1554,24 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -1589,32 +1589,32 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -1624,8 +1624,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -1663,8 +1663,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -1672,28 +1672,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -1704,8 +1704,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -1717,8 +1717,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -1736,8 +1736,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -1754,8 +1754,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1765,8 +1765,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1780,8 +1780,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1795,8 +1795,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -1854,8 +1854,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1865,8 +1865,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1880,8 +1880,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1911,13 +1911,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "egress_deny": schema.ListNestedAttribute{ - Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", + Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -1926,8 +1926,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -1937,8 +1937,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -1957,8 +1957,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -1966,8 +1966,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -1979,8 +1979,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -1991,8 +1991,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -2006,8 +2006,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2024,8 +2024,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2035,8 +2035,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2050,8 +2050,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2065,8 +2065,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -2074,8 +2074,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -2129,8 +2129,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2147,8 +2147,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2158,8 +2158,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2173,8 +2173,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2188,8 +2188,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -2210,8 +2210,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -2221,8 +2221,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -2244,8 +2244,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2262,8 +2262,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2273,8 +2273,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2288,8 +2288,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2303,8 +2303,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -2362,8 +2362,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2373,8 +2373,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2388,8 +2388,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2419,20 +2419,20 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "enable_default_deny": schema.SingleNestedAttribute{ - Description: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", - MarkdownDescription: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", + Description: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", + MarkdownDescription: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", Attributes: map[string]schema.Attribute{ "egress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", Required: false, Optional: true, Computed: false, }, "ingress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", Required: false, Optional: true, Computed: false, @@ -2444,8 +2444,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "endpoint_selector": schema.SingleNestedAttribute{ - Description: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", - MarkdownDescription: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", + Description: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + MarkdownDescription: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -2461,8 +2461,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2472,8 +2472,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2487,8 +2487,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2501,8 +2501,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "ingress": schema.ListNestedAttribute{ - Description: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", + Description: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -2526,8 +2526,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -2535,8 +2535,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -2548,8 +2548,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -2560,8 +2560,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -2575,8 +2575,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2593,8 +2593,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2604,8 +2604,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2619,8 +2619,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2634,8 +2634,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -2643,8 +2643,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -2698,8 +2698,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2716,8 +2716,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2727,8 +2727,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2742,8 +2742,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2757,8 +2757,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -2775,8 +2775,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -2786,8 +2786,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -2801,8 +2801,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -2816,8 +2816,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -2826,8 +2826,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -2837,8 +2837,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -2857,21 +2857,21 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -2881,8 +2881,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -2908,8 +2908,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -2925,28 +2925,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -2957,8 +2957,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -2970,8 +2970,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -3000,8 +3000,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -3011,8 +3011,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -3028,8 +3028,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -3037,8 +3037,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -3048,8 +3048,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -3070,13 +3070,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -3097,8 +3097,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -3109,8 +3109,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -3122,8 +3122,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -3136,8 +3136,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -3145,24 +3145,24 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -3180,32 +3180,32 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -3215,8 +3215,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -3254,8 +3254,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -3263,28 +3263,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -3295,8 +3295,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -3308,8 +3308,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -3333,13 +3333,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "ingress_deny": schema.ListNestedAttribute{ - Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", + Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -3347,8 +3347,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -3360,8 +3360,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -3372,8 +3372,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -3387,8 +3387,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3405,8 +3405,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3416,8 +3416,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3431,8 +3431,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3446,8 +3446,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -3455,8 +3455,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -3510,8 +3510,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3528,8 +3528,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3539,8 +3539,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3554,8 +3554,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3569,8 +3569,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3587,8 +3587,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3598,8 +3598,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3613,8 +3613,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3628,8 +3628,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -3638,8 +3638,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -3649,8 +3649,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -3669,8 +3669,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -3691,8 +3691,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -3702,8 +3702,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -3731,8 +3731,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "labels": schema.ListNestedAttribute{ - Description: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", - MarkdownDescription: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", + Description: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + MarkdownDescription: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -3766,8 +3766,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", - MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + Description: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3783,8 +3783,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3794,8 +3794,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -3809,8 +3809,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -3833,16 +3833,16 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "description": schema.StringAttribute{ - Description: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", - MarkdownDescription: "Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment.", + Description: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + MarkdownDescription: "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", Required: false, Optional: true, Computed: false, }, "egress": schema.ListNestedAttribute{ - Description: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress.", + Description: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -3866,8 +3866,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -3876,8 +3876,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -3887,8 +3887,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -3907,8 +3907,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -3916,8 +3916,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -3929,8 +3929,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -3941,8 +3941,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -3956,8 +3956,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -3974,8 +3974,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -3985,8 +3985,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4000,8 +4000,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4015,8 +4015,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -4024,13 +4024,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_fqd_ns": schema.ListNestedAttribute{ - Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", - MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules.", + Description: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", + MarkdownDescription: "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -4040,8 +4040,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -4057,8 +4057,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -4112,8 +4112,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4130,8 +4130,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4141,8 +4141,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4156,8 +4156,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4171,21 +4171,21 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -4195,8 +4195,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -4222,8 +4222,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -4239,28 +4239,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4271,8 +4271,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4284,8 +4284,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -4314,8 +4314,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -4325,8 +4325,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -4342,8 +4342,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -4351,8 +4351,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -4362,8 +4362,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -4384,13 +4384,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -4411,8 +4411,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4423,8 +4423,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4436,8 +4436,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -4450,8 +4450,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -4459,24 +4459,24 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -4494,32 +4494,32 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -4529,8 +4529,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -4568,8 +4568,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -4577,28 +4577,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -4609,8 +4609,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -4622,8 +4622,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -4641,8 +4641,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4659,8 +4659,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4670,8 +4670,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4685,8 +4685,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4700,8 +4700,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -4759,8 +4759,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4770,8 +4770,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4785,8 +4785,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4816,13 +4816,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "egress_deny": schema.ListNestedAttribute{ - Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", - MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress.", + Description: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + MarkdownDescription: "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -4831,8 +4831,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -4842,8 +4842,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -4862,8 +4862,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr": schema.ListAttribute{ - Description: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", - MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24", + Description: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", + MarkdownDescription: "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24", ElementType: types.StringType, Required: false, Optional: true, @@ -4871,8 +4871,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_cidr_set": schema.ListNestedAttribute{ - Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", - MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + Description: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + MarkdownDescription: "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -4884,8 +4884,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -4896,8 +4896,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -4911,8 +4911,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_endpoints": schema.ListNestedAttribute{ - Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", - MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'.", + Description: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", + MarkdownDescription: "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -4929,8 +4929,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -4940,8 +4940,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -4955,8 +4955,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -4970,8 +4970,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_entities": schema.ListAttribute{ - Description: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", - MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'.", + Description: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", + MarkdownDescription: "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'.", ElementType: types.StringType, Required: false, Optional: true, @@ -4979,8 +4979,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_groups": schema.ListNestedAttribute{ - Description: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -5034,8 +5034,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_nodes": schema.ListNestedAttribute{ - Description: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", - MarkdownDescription: "ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + Description: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", + MarkdownDescription: "ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5052,8 +5052,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5063,8 +5063,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5078,8 +5078,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5093,8 +5093,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -5115,8 +5115,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -5126,8 +5126,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -5149,8 +5149,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_requires": schema.ListNestedAttribute{ - Description: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", - MarkdownDescription: "ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'.", + Description: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", + MarkdownDescription: "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5167,8 +5167,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5178,8 +5178,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5193,8 +5193,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5208,8 +5208,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_services": schema.ListNestedAttribute{ - Description: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", - MarkdownDescription: "ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service", + Description: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", + MarkdownDescription: "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "k8s_service": schema.SingleNestedAttribute{ @@ -5267,8 +5267,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5278,8 +5278,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5293,8 +5293,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5324,20 +5324,20 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "enable_default_deny": schema.SingleNestedAttribute{ - Description: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", - MarkdownDescription: "EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode.", + Description: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", + MarkdownDescription: "EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode.", Attributes: map[string]schema.Attribute{ "egress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto egress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to egress traffic.", Required: false, Optional: true, Computed: false, }, "ingress": schema.BoolAttribute{ - Description: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", - MarkdownDescription: "Whether or not the endpoint should have a default-deny rule appliedto ingress traffic.", + Description: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", + MarkdownDescription: "Whether or not the endpoint should have a default-deny rule applied to ingress traffic.", Required: false, Optional: true, Computed: false, @@ -5349,8 +5349,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "endpoint_selector": schema.SingleNestedAttribute{ - Description: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", - MarkdownDescription: "EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive.", + Description: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + MarkdownDescription: "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5366,8 +5366,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5377,8 +5377,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5392,8 +5392,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5406,8 +5406,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "ingress": schema.ListNestedAttribute{ - Description: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress.", + Description: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "authentication": schema.SingleNestedAttribute{ @@ -5431,8 +5431,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -5440,8 +5440,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -5453,8 +5453,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -5465,8 +5465,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -5480,8 +5480,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5498,8 +5498,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5509,8 +5509,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5524,8 +5524,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5539,8 +5539,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -5548,8 +5548,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -5603,8 +5603,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5621,8 +5621,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5632,8 +5632,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5647,8 +5647,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5662,8 +5662,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -5680,8 +5680,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -5691,8 +5691,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -5706,8 +5706,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -5721,8 +5721,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -5731,8 +5731,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -5742,8 +5742,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -5762,21 +5762,21 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "listener": schema.SingleNestedAttribute{ - Description: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", - MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should beredirected to.", + Description: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", + MarkdownDescription: "listener specifies the name of a custom Envoy listener to which this traffic should be redirected to.", Attributes: map[string]schema.Attribute{ "envoy_config": schema.SingleNestedAttribute{ - Description: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", - MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined.", + Description: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", + MarkdownDescription: "EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined.", Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", - MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed.", + Description: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", + MarkdownDescription: "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed.", Required: false, Optional: true, Computed: false, @@ -5786,8 +5786,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "name": schema.StringAttribute{ - Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", - MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in.", + Description: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", + MarkdownDescription: "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in.", Required: true, Optional: false, Computed: false, @@ -5813,8 +5813,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "priority": schema.Int64Attribute{ - Description: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", - MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent.", + Description: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", + MarkdownDescription: "Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent.", Required: false, Optional: true, Computed: false, @@ -5830,28 +5830,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "originating_tls": schema.SingleNestedAttribute{ - Description: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", - MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint.", + Description: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + MarkdownDescription: "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -5862,8 +5862,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -5875,8 +5875,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -5905,8 +5905,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -5916,8 +5916,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -5933,8 +5933,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "rules": schema.SingleNestedAttribute{ - Description: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", - MarkdownDescription: "Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced.", + Description: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + MarkdownDescription: "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", Attributes: map[string]schema.Attribute{ "dns": schema.ListNestedAttribute{ Description: "DNS-specific rules.", @@ -5942,8 +5942,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_name": schema.StringAttribute{ - Description: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", - MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing.", + Description: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", + MarkdownDescription: "MatchName matches literal DNS names. A trailing '.' is automatically added when missing.", Required: false, Optional: true, Computed: false, @@ -5953,8 +5953,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_pattern": schema.StringAttribute{ - Description: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", - MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + Description: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + MarkdownDescription: "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", Required: false, Optional: true, Computed: false, @@ -5975,13 +5975,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "header_matches": schema.ListNestedAttribute{ - Description: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", - MarkdownDescription: "HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match.", + Description: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + MarkdownDescription: "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "mismatch": schema.StringAttribute{ - Description: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", - MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log.", + Description: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + MarkdownDescription: "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", Required: false, Optional: true, Computed: false, @@ -6002,8 +6002,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "secret": schema.SingleNestedAttribute{ - Description: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", - MarkdownDescription: "Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail.", + Description: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", + MarkdownDescription: "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -6014,8 +6014,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -6027,8 +6027,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "value": schema.StringAttribute{ - Description: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", - MarkdownDescription: "Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case.", + Description: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", + MarkdownDescription: "Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case.", Required: false, Optional: true, Computed: false, @@ -6041,8 +6041,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "headers": schema.ListAttribute{ - Description: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", - MarkdownDescription: "Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present.", + Description: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + MarkdownDescription: "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", ElementType: types.StringType, Required: false, Optional: true, @@ -6050,24 +6050,24 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "host": schema.StringAttribute{ - Description: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", - MarkdownDescription: "Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored.", + Description: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", + MarkdownDescription: "Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored.", Required: false, Optional: true, Computed: false, }, "method": schema.StringAttribute{ - Description: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", - MarkdownDescription: "Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed.", + Description: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", + MarkdownDescription: "Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed.", Required: false, Optional: true, Computed: false, }, "path": schema.StringAttribute{ - Description: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", - MarkdownDescription: "Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed.", + Description: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", + MarkdownDescription: "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed.", Required: false, Optional: true, Computed: false, @@ -6085,32 +6085,32 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_key": schema.StringAttribute{ - Description: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", - MarkdownDescription: "APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed.", + Description: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", + MarkdownDescription: "APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, }, "api_version": schema.StringAttribute{ - Description: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", - MarkdownDescription: "APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed.", + Description: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", + MarkdownDescription: "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed.", Required: false, Optional: true, Computed: false, }, "client_id": schema.StringAttribute{ - Description: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", - MarkdownDescription: "ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed.", + Description: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", + MarkdownDescription: "ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed.", Required: false, Optional: true, Computed: false, }, "role": schema.StringAttribute{ - Description: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", - MarkdownDescription: "Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed.", + Description: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + MarkdownDescription: "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed.", Required: false, Optional: true, Computed: false, @@ -6120,8 +6120,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "topic": schema.StringAttribute{ - Description: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", - MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed.", + Description: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", + MarkdownDescription: "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed.", Required: false, Optional: true, Computed: false, @@ -6159,8 +6159,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "server_names": schema.ListAttribute{ - Description: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", - MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake.", + Description: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", + MarkdownDescription: "ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake.", ElementType: types.StringType, Required: false, Optional: true, @@ -6168,28 +6168,28 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "terminating_tls": schema.SingleNestedAttribute{ - Description: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", - MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy.", + Description: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + MarkdownDescription: "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", Attributes: map[string]schema.Attribute{ "certificate": schema.StringAttribute{ - Description: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", - MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist.", + Description: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "private_key": schema.StringAttribute{ - Description: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", - MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist.", + Description: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, }, "secret": schema.SingleNestedAttribute{ - Description: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", - MarkdownDescription: "Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + Description: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + MarkdownDescription: "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the secret.", @@ -6200,8 +6200,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", - MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default').", + Description: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", + MarkdownDescription: "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default').", Required: false, Optional: true, Computed: false, @@ -6213,8 +6213,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "trusted_ca": schema.StringAttribute{ - Description: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", - MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist.", + Description: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + MarkdownDescription: "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", Required: false, Optional: true, Computed: false, @@ -6238,13 +6238,13 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "ingress_deny": schema.ListNestedAttribute{ - Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", - MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress.", + Description: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + MarkdownDescription: "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from_cidr": schema.ListAttribute{ - Description: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", - MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1", + Description: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", + MarkdownDescription: "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1", ElementType: types.StringType, Required: false, Optional: true, @@ -6252,8 +6252,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_cidr_set": schema.ListNestedAttribute{ - Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", - MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + Description: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + MarkdownDescription: "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ @@ -6265,8 +6265,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "cidr_group_ref": schema.StringAttribute{ - Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", - MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from.", + Description: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", + MarkdownDescription: "CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from.", Required: false, Optional: true, Computed: false, @@ -6277,8 +6277,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "except": schema.ListAttribute{ - Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", - MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules.", + Description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + MarkdownDescription: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", ElementType: types.StringType, Required: false, Optional: true, @@ -6292,8 +6292,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_endpoints": schema.ListNestedAttribute{ - Description: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", - MarkdownDescription: "FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'.", + Description: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", + MarkdownDescription: "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6310,8 +6310,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6321,8 +6321,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6336,8 +6336,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6351,8 +6351,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_entities": schema.ListAttribute{ - Description: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", - MarkdownDescription: "FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host'", + Description: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", + MarkdownDescription: "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host'", ElementType: types.StringType, Required: false, Optional: true, @@ -6360,8 +6360,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_groups": schema.ListNestedAttribute{ - Description: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", - MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + Description: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + MarkdownDescription: "FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "aws": schema.SingleNestedAttribute{ @@ -6415,8 +6415,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_nodes": schema.ListNestedAttribute{ - Description: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", - MarkdownDescription: "FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.", + Description: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", + MarkdownDescription: "FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6433,8 +6433,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6444,8 +6444,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6459,8 +6459,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6474,8 +6474,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "from_requires": schema.ListNestedAttribute{ - Description: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", - MarkdownDescription: "FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'.", + Description: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", + MarkdownDescription: "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ @@ -6492,8 +6492,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6503,8 +6503,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6518,8 +6518,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -6533,8 +6533,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "icmps": schema.ListNestedAttribute{ - Description: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", - MarkdownDescription: "ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections.", + Description: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", + MarkdownDescription: "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "fields": schema.ListNestedAttribute{ @@ -6543,8 +6543,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "family": schema.StringAttribute{ - Description: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", - MarkdownDescription: "Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default.", + Description: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", + MarkdownDescription: "Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default.", Required: false, Optional: true, Computed: false, @@ -6554,8 +6554,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "type": schema.StringAttribute{ - Description: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", - MarkdownDescription: "Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + Description: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", + MarkdownDescription: "Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply", Required: true, Optional: false, Computed: false, @@ -6574,8 +6574,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "to_ports": schema.ListNestedAttribute{ - Description: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", - MarkdownDescription: "ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp.", + Description: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", + MarkdownDescription: "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ @@ -6596,8 +6596,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "port": schema.StringAttribute{ - Description: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", - MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'.", + Description: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", + MarkdownDescription: "Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'.", Required: true, Optional: false, Computed: false, @@ -6607,8 +6607,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "protocol": schema.StringAttribute{ - Description: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", - MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this.", + Description: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", + MarkdownDescription: "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this.", Required: false, Optional: true, Computed: false, @@ -6636,8 +6636,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "labels": schema.ListNestedAttribute{ - Description: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", - MarkdownDescription: "Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels.", + Description: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + MarkdownDescription: "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -6671,8 +6671,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", - MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + Description: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + MarkdownDescription: "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6688,8 +6688,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -6699,8 +6699,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -6714,8 +6714,8 @@ func (r *CiliumIoCiliumNetworkPolicyV2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2/cilium_io_cilium_node_v2_manifest.go b/internal/provider/cilium_io_v2/cilium_io_cilium_node_v2_manifest.go index dff222c58..66927f2e3 100644 --- a/internal/provider/cilium_io_v2/cilium_io_cilium_node_v2_manifest.go +++ b/internal/provider/cilium_io_v2/cilium_io_cilium_node_v2_manifest.go @@ -100,7 +100,7 @@ type CiliumIoCiliumNodeV2ManifestData struct { Max_above_watermark *int64 `tfsdk:"max_above_watermark" json:"max-above-watermark,omitempty"` Max_allocate *int64 `tfsdk:"max_allocate" json:"max-allocate,omitempty"` Min_allocate *int64 `tfsdk:"min_allocate" json:"min-allocate,omitempty"` - PodCIDRs *[]string `tfsdk:"pod_cid_rs" json:"podCIDRs,omitempty"` + PodCIDRs *[]string `tfsdk:"pod_cidrs" json:"podCIDRs,omitempty"` Pool *struct { Owner *string `tfsdk:"owner" json:"owner,omitempty"` Resource *string `tfsdk:"resource" json:"resource,omitempty"` @@ -130,8 +130,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Metadata(_ context.Context, request datas func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumNode represents a node managed by Cilium. It contains a specificationto control various node specific configuration aspects and a status sectionto represent the status of the node.", - MarkdownDescription: "CiliumNode represents a node managed by Cilium. It contains a specificationto control various node specific configuration aspects and a status sectionto represent the status of the node.", + Description: "CiliumNode represents a node managed by Cilium. It contains a specification to control various node specific configuration aspects and a status section to represent the status of the node.", + MarkdownDescription: "CiliumNode represents a node managed by Cilium. It contains a specification to control various node specific configuration aspects and a status section to represent the status of the node.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -221,8 +221,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc MarkdownDescription: "AlibabaCloud is the AlibabaCloud IPAM specific configuration.", Attributes: map[string]schema.Attribute{ "availability_zone": schema.StringAttribute{ - Description: "AvailabilityZone is the availability zone to use when allocatingENIs.", - MarkdownDescription: "AvailabilityZone is the availability zone to use when allocatingENIs.", + Description: "AvailabilityZone is the availability zone to use when allocating ENIs.", + MarkdownDescription: "AvailabilityZone is the availability zone to use when allocating ENIs.", Required: false, Optional: true, Computed: false, @@ -245,8 +245,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "security_group_tags": schema.MapAttribute{ - Description: "SecurityGroupTags is the list of tags to use when evaluating whichsecurity groups to use for the ENI.", - MarkdownDescription: "SecurityGroupTags is the list of tags to use when evaluating whichsecurity groups to use for the ENI.", + Description: "SecurityGroupTags is the list of tags to use when evaluating which security groups to use for the ENI.", + MarkdownDescription: "SecurityGroupTags is the list of tags to use when evaluating which security groups to use for the ENI.", ElementType: types.StringType, Required: false, Optional: true, @@ -254,8 +254,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "security_groups": schema.ListAttribute{ - Description: "SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance.", - MarkdownDescription: "SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance.", + Description: "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", + MarkdownDescription: "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", ElementType: types.StringType, Required: false, Optional: true, @@ -271,8 +271,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "vswitch_tags": schema.MapAttribute{ - Description: "VSwitchTags is the list of tags to use when evaluating whichvSwitch to use for the ENI.", - MarkdownDescription: "VSwitchTags is the list of tags to use when evaluating whichvSwitch to use for the ENI.", + Description: "VSwitchTags is the list of tags to use when evaluating which vSwitch to use for the ENI.", + MarkdownDescription: "VSwitchTags is the list of tags to use when evaluating which vSwitch to use for the ENI.", ElementType: types.StringType, Required: false, Optional: true, @@ -298,8 +298,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc MarkdownDescription: "Azure is the Azure IPAM specific configuration.", Attributes: map[string]schema.Attribute{ "interface_name": schema.StringAttribute{ - Description: "InterfaceName is the name of the interface the cilium-operatorwill use to allocate all the IPs on", - MarkdownDescription: "InterfaceName is the name of the interface the cilium-operatorwill use to allocate all the IPs on", + Description: "InterfaceName is the name of the interface the cilium-operator will use to allocate all the IPs on", + MarkdownDescription: "InterfaceName is the name of the interface the cilium-operator will use to allocate all the IPs on", Required: false, Optional: true, Computed: false, @@ -323,8 +323,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc MarkdownDescription: "Encryption is the encryption configuration of the node.", Attributes: map[string]schema.Attribute{ "key": schema.Int64Attribute{ - Description: "Key is the index to the key to use for encryption or 0 if encryption isdisabled.", - MarkdownDescription: "Key is the index to the key to use for encryption or 0 if encryption isdisabled.", + Description: "Key is the index to the key to use for encryption or 0 if encryption is disabled.", + MarkdownDescription: "Key is the index to the key to use for encryption or 0 if encryption is disabled.", Required: false, Optional: true, Computed: false, @@ -340,32 +340,32 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc MarkdownDescription: "ENI is the AWS ENI specific configuration.", Attributes: map[string]schema.Attribute{ "availability_zone": schema.StringAttribute{ - Description: "AvailabilityZone is the availability zone to use when allocatingENIs.", - MarkdownDescription: "AvailabilityZone is the availability zone to use when allocatingENIs.", + Description: "AvailabilityZone is the availability zone to use when allocating ENIs.", + MarkdownDescription: "AvailabilityZone is the availability zone to use when allocating ENIs.", Required: false, Optional: true, Computed: false, }, "delete_on_termination": schema.BoolAttribute{ - Description: "DeleteOnTermination defines that the ENI should be deleted when theassociated instance is terminated. If the parameter is not set thedefault behavior is to delete the ENI on instance termination.", - MarkdownDescription: "DeleteOnTermination defines that the ENI should be deleted when theassociated instance is terminated. If the parameter is not set thedefault behavior is to delete the ENI on instance termination.", + Description: "DeleteOnTermination defines that the ENI should be deleted when the associated instance is terminated. If the parameter is not set the default behavior is to delete the ENI on instance termination.", + MarkdownDescription: "DeleteOnTermination defines that the ENI should be deleted when the associated instance is terminated. If the parameter is not set the default behavior is to delete the ENI on instance termination.", Required: false, Optional: true, Computed: false, }, "disable_prefix_delegation": schema.BoolAttribute{ - Description: "DisablePrefixDelegation determines whether ENI prefix delegation should bedisabled on this node.", - MarkdownDescription: "DisablePrefixDelegation determines whether ENI prefix delegation should bedisabled on this node.", + Description: "DisablePrefixDelegation determines whether ENI prefix delegation should be disabled on this node.", + MarkdownDescription: "DisablePrefixDelegation determines whether ENI prefix delegation should be disabled on this node.", Required: false, Optional: true, Computed: false, }, "exclude_interface_tags": schema.MapAttribute{ - Description: "ExcludeInterfaceTags is the list of tags to use when excluding ENIs forCilium IP allocation. Any interface matching this set of tags will notbe managed by Cilium.", - MarkdownDescription: "ExcludeInterfaceTags is the list of tags to use when excluding ENIs forCilium IP allocation. Any interface matching this set of tags will notbe managed by Cilium.", + Description: "ExcludeInterfaceTags is the list of tags to use when excluding ENIs for Cilium IP allocation. Any interface matching this set of tags will not be managed by Cilium.", + MarkdownDescription: "ExcludeInterfaceTags is the list of tags to use when excluding ENIs for Cilium IP allocation. Any interface matching this set of tags will not be managed by Cilium.", ElementType: types.StringType, Required: false, Optional: true, @@ -373,8 +373,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "first_interface_index": schema.Int64Attribute{ - Description: "FirstInterfaceIndex is the index of the first ENI to use for IPallocation, e.g. if the node has eth0, eth1, eth2 andFirstInterfaceIndex is set to 1, then only eth1 and eth2 will beused for IP allocation, eth0 will be ignored for PodIP allocation.", - MarkdownDescription: "FirstInterfaceIndex is the index of the first ENI to use for IPallocation, e.g. if the node has eth0, eth1, eth2 andFirstInterfaceIndex is set to 1, then only eth1 and eth2 will beused for IP allocation, eth0 will be ignored for PodIP allocation.", + Description: "FirstInterfaceIndex is the index of the first ENI to use for IP allocation, e.g. if the node has eth0, eth1, eth2 and FirstInterfaceIndex is set to 1, then only eth1 and eth2 will be used for IP allocation, eth0 will be ignored for PodIP allocation.", + MarkdownDescription: "FirstInterfaceIndex is the index of the first ENI to use for IP allocation, e.g. if the node has eth0, eth1, eth2 and FirstInterfaceIndex is set to 1, then only eth1 and eth2 will be used for IP allocation, eth0 will be ignored for PodIP allocation.", Required: false, Optional: true, Computed: false, @@ -384,8 +384,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "instance_id": schema.StringAttribute{ - Description: "InstanceID is the AWS InstanceId of the node. The InstanceID is usedto retrieve AWS metadata for the node.OBSOLETE: This field is obsolete, please use Spec.InstanceID", - MarkdownDescription: "InstanceID is the AWS InstanceId of the node. The InstanceID is usedto retrieve AWS metadata for the node.OBSOLETE: This field is obsolete, please use Spec.InstanceID", + Description: "InstanceID is the AWS InstanceId of the node. The InstanceID is used to retrieve AWS metadata for the node. OBSOLETE: This field is obsolete, please use Spec.InstanceID", + MarkdownDescription: "InstanceID is the AWS InstanceId of the node. The InstanceID is used to retrieve AWS metadata for the node. OBSOLETE: This field is obsolete, please use Spec.InstanceID", Required: false, Optional: true, Computed: false, @@ -400,8 +400,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "max_above_watermark": schema.Int64Attribute{ - Description: "MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", - MarkdownDescription: "MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", + Description: "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", + MarkdownDescription: "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", Required: false, Optional: true, Computed: false, @@ -411,8 +411,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "min_allocate": schema.Int64Attribute{ - Description: "MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", - MarkdownDescription: "MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", + Description: "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", + MarkdownDescription: "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", Required: false, Optional: true, Computed: false, @@ -422,16 +422,16 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "node_subnet_id": schema.StringAttribute{ - Description: "NodeSubnetID is the subnet of the primary ENI the instance was brought upwith. It is used as a sensible default subnet to create ENIs in.", - MarkdownDescription: "NodeSubnetID is the subnet of the primary ENI the instance was brought upwith. It is used as a sensible default subnet to create ENIs in.", + Description: "NodeSubnetID is the subnet of the primary ENI the instance was brought up with. It is used as a sensible default subnet to create ENIs in.", + MarkdownDescription: "NodeSubnetID is the subnet of the primary ENI the instance was brought up with. It is used as a sensible default subnet to create ENIs in.", Required: false, Optional: true, Computed: false, }, "pre_allocate": schema.Int64Attribute{ - Description: "PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved.OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", - MarkdownDescription: "PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved.OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", + Description: "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved. OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", + MarkdownDescription: "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved. OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", Required: false, Optional: true, Computed: false, @@ -441,8 +441,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "security_group_tags": schema.MapAttribute{ - Description: "SecurityGroupTags is the list of tags to use when evaliating whatAWS security groups to use for the ENI.", - MarkdownDescription: "SecurityGroupTags is the list of tags to use when evaliating whatAWS security groups to use for the ENI.", + Description: "SecurityGroupTags is the list of tags to use when evaliating what AWS security groups to use for the ENI.", + MarkdownDescription: "SecurityGroupTags is the list of tags to use when evaliating what AWS security groups to use for the ENI.", ElementType: types.StringType, Required: false, Optional: true, @@ -450,8 +450,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "security_groups": schema.ListAttribute{ - Description: "SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance.", - MarkdownDescription: "SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance.", + Description: "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", + MarkdownDescription: "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", ElementType: types.StringType, Required: false, Optional: true, @@ -459,8 +459,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "subnet_ids": schema.ListAttribute{ - Description: "SubnetIDs is the list of subnet ids to use when evaluating what AWSsubnets to use for ENI and IP allocation.", - MarkdownDescription: "SubnetIDs is the list of subnet ids to use when evaluating what AWSsubnets to use for ENI and IP allocation.", + Description: "SubnetIDs is the list of subnet ids to use when evaluating what AWS subnets to use for ENI and IP allocation.", + MarkdownDescription: "SubnetIDs is the list of subnet ids to use when evaluating what AWS subnets to use for ENI and IP allocation.", ElementType: types.StringType, Required: false, Optional: true, @@ -468,8 +468,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "subnet_tags": schema.MapAttribute{ - Description: "SubnetTags is the list of tags to use when evaluating what AWSsubnets to use for ENI and IP allocation.", - MarkdownDescription: "SubnetTags is the list of tags to use when evaluating what AWSsubnets to use for ENI and IP allocation.", + Description: "SubnetTags is the list of tags to use when evaluating what AWS subnets to use for ENI and IP allocation.", + MarkdownDescription: "SubnetTags is the list of tags to use when evaluating what AWS subnets to use for ENI and IP allocation.", ElementType: types.StringType, Required: false, Optional: true, @@ -477,8 +477,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "use_primary_address": schema.BoolAttribute{ - Description: "UsePrimaryAddress determines whether an ENI's primary addressshould be available for allocations on the node", - MarkdownDescription: "UsePrimaryAddress determines whether an ENI's primary addressshould be available for allocations on the node", + Description: "UsePrimaryAddress determines whether an ENI's primary address should be available for allocations on the node", + MarkdownDescription: "UsePrimaryAddress determines whether an ENI's primary address should be available for allocations on the node", Required: false, Optional: true, Computed: false, @@ -498,8 +498,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "health": schema.SingleNestedAttribute{ - Description: "HealthAddressing is the addressing information for health connectivitychecking.", - MarkdownDescription: "HealthAddressing is the addressing information for health connectivitychecking.", + Description: "HealthAddressing is the addressing information for health connectivity checking.", + MarkdownDescription: "HealthAddressing is the addressing information for health connectivity checking.", Attributes: map[string]schema.Attribute{ "ipv4": schema.StringAttribute{ Description: "IPv4 is the IPv4 address of the IPv4 health endpoint.", @@ -548,32 +548,32 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "instance_id": schema.StringAttribute{ - Description: "InstanceID is the identifier of the node. This is different from thenode name which is typically the FQDN of the node. The InstanceIDtypically refers to the identifier used by the cloud provider orsome other means of identification.", - MarkdownDescription: "InstanceID is the identifier of the node. This is different from thenode name which is typically the FQDN of the node. The InstanceIDtypically refers to the identifier used by the cloud provider orsome other means of identification.", + Description: "InstanceID is the identifier of the node. This is different from the node name which is typically the FQDN of the node. The InstanceID typically refers to the identifier used by the cloud provider or some other means of identification.", + MarkdownDescription: "InstanceID is the identifier of the node. This is different from the node name which is typically the FQDN of the node. The InstanceID typically refers to the identifier used by the cloud provider or some other means of identification.", Required: false, Optional: true, Computed: false, }, "ipam": schema.SingleNestedAttribute{ - Description: "IPAM is the address management specification. This section can bepopulated by a user or it can be automatically populated by an IPAMoperator.", - MarkdownDescription: "IPAM is the address management specification. This section can bepopulated by a user or it can be automatically populated by an IPAMoperator.", + Description: "IPAM is the address management specification. This section can be populated by a user or it can be automatically populated by an IPAM operator.", + MarkdownDescription: "IPAM is the address management specification. This section can be populated by a user or it can be automatically populated by an IPAM operator.", Attributes: map[string]schema.Attribute{ "ipv6_pool": schema.SingleNestedAttribute{ - Description: "IPv6Pool is the list of IPv6 addresses available to the node for allocation.When an IPv6 address is used, it will remain on this list but will be added toStatus.IPAM.IPv6Used", - MarkdownDescription: "IPv6Pool is the list of IPv6 addresses available to the node for allocation.When an IPv6 address is used, it will remain on this list but will be added toStatus.IPAM.IPv6Used", + Description: "IPv6Pool is the list of IPv6 addresses available to the node for allocation. When an IPv6 address is used, it will remain on this list but will be added to Status.IPAM.IPv6Used", + MarkdownDescription: "IPv6Pool is the list of IPv6 addresses available to the node for allocation. When an IPv6 address is used, it will remain on this list but will be added to Status.IPAM.IPv6Used", Attributes: map[string]schema.Attribute{ "owner": schema.StringAttribute{ - Description: "Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used.", - MarkdownDescription: "Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used.", + Description: "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", + MarkdownDescription: "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", Required: false, Optional: true, Computed: false, }, "resource": schema.StringAttribute{ - Description: "Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI", - MarkdownDescription: "Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI", + Description: "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", + MarkdownDescription: "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", Required: false, Optional: true, Computed: false, @@ -585,8 +585,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "max_above_watermark": schema.Int64Attribute{ - Description: "MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs.", - MarkdownDescription: "MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs.", + Description: "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs.", + MarkdownDescription: "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs.", Required: false, Optional: true, Computed: false, @@ -596,8 +596,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "max_allocate": schema.Int64Attribute{ - Description: "MaxAllocate is the maximum number of IPs that can be allocated to thenode. When the current amount of allocated IPs will approach this value,the considered value for PreAllocate will decrease down to 0 in order tonot attempt to allocate more addresses than defined.", - MarkdownDescription: "MaxAllocate is the maximum number of IPs that can be allocated to thenode. When the current amount of allocated IPs will approach this value,the considered value for PreAllocate will decrease down to 0 in order tonot attempt to allocate more addresses than defined.", + Description: "MaxAllocate is the maximum number of IPs that can be allocated to the node. When the current amount of allocated IPs will approach this value, the considered value for PreAllocate will decrease down to 0 in order to not attempt to allocate more addresses than defined.", + MarkdownDescription: "MaxAllocate is the maximum number of IPs that can be allocated to the node. When the current amount of allocated IPs will approach this value, the considered value for PreAllocate will decrease down to 0 in order to not attempt to allocate more addresses than defined.", Required: false, Optional: true, Computed: false, @@ -607,8 +607,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "min_allocate": schema.Int64Attribute{ - Description: "MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs.", - MarkdownDescription: "MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs.", + Description: "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs.", + MarkdownDescription: "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs.", Required: false, Optional: true, Computed: false, @@ -617,9 +617,9 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, }, - "pod_cid_rs": schema.ListAttribute{ - Description: "PodCIDRs is the list of CIDRs available to the node for allocation.When an IP is used, the IP will be added to Status.IPAM.Used", - MarkdownDescription: "PodCIDRs is the list of CIDRs available to the node for allocation.When an IP is used, the IP will be added to Status.IPAM.Used", + "pod_cidrs": schema.ListAttribute{ + Description: "PodCIDRs is the list of CIDRs available to the node for allocation. When an IP is used, the IP will be added to Status.IPAM.Used", + MarkdownDescription: "PodCIDRs is the list of CIDRs available to the node for allocation. When an IP is used, the IP will be added to Status.IPAM.Used", ElementType: types.StringType, Required: false, Optional: true, @@ -627,20 +627,20 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "pool": schema.SingleNestedAttribute{ - Description: "Pool is the list of IPv4 addresses available to the node for allocation.When an IPv4 address is used, it will remain on this list but will be added toStatus.IPAM.Used", - MarkdownDescription: "Pool is the list of IPv4 addresses available to the node for allocation.When an IPv4 address is used, it will remain on this list but will be added toStatus.IPAM.Used", + Description: "Pool is the list of IPv4 addresses available to the node for allocation. When an IPv4 address is used, it will remain on this list but will be added to Status.IPAM.Used", + MarkdownDescription: "Pool is the list of IPv4 addresses available to the node for allocation. When an IPv4 address is used, it will remain on this list but will be added to Status.IPAM.Used", Attributes: map[string]schema.Attribute{ "owner": schema.StringAttribute{ - Description: "Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used.", - MarkdownDescription: "Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used.", + Description: "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", + MarkdownDescription: "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", Required: false, Optional: true, Computed: false, }, "resource": schema.StringAttribute{ - Description: "Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI", - MarkdownDescription: "Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI", + Description: "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", + MarkdownDescription: "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", Required: false, Optional: true, Computed: false, @@ -656,8 +656,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc MarkdownDescription: "Pools contains the list of assigned IPAM pools for this node.", Attributes: map[string]schema.Attribute{ "allocated": schema.ListNestedAttribute{ - Description: "Allocated contains the list of pooled CIDR assigned to this node. Theoperator will add new pod CIDRs to this field, whereas the agent willremove CIDRs it has released.", - MarkdownDescription: "Allocated contains the list of pooled CIDR assigned to this node. Theoperator will add new pod CIDRs to this field, whereas the agent willremove CIDRs it has released.", + Description: "Allocated contains the list of pooled CIDR assigned to this node. The operator will add new pod CIDRs to this field, whereas the agent will remove CIDRs it has released.", + MarkdownDescription: "Allocated contains the list of pooled CIDR assigned to this node. The operator will add new pod CIDRs to this field, whereas the agent will remove CIDRs it has released.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cidrs": schema.ListAttribute{ @@ -687,25 +687,25 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "requested": schema.ListNestedAttribute{ - Description: "Requested contains a list of IPAM pool requests, i.e. indicates how manyaddresses this node requests out of each pool listed here. This fieldis owned and written to by cilium-agent and read by the operator.", - MarkdownDescription: "Requested contains a list of IPAM pool requests, i.e. indicates how manyaddresses this node requests out of each pool listed here. This fieldis owned and written to by cilium-agent and read by the operator.", + Description: "Requested contains a list of IPAM pool requests, i.e. indicates how many addresses this node requests out of each pool listed here. This field is owned and written to by cilium-agent and read by the operator.", + MarkdownDescription: "Requested contains a list of IPAM pool requests, i.e. indicates how many addresses this node requests out of each pool listed here. This field is owned and written to by cilium-agent and read by the operator.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "needed": schema.SingleNestedAttribute{ - Description: "Needed indicates how many IPs out of the above Pool this node requestsfrom the operator. The operator runs a reconciliation loop to ensure eachnode always has enough PodCIDRs allocated in each pool to fulfill therequested number of IPs here.", - MarkdownDescription: "Needed indicates how many IPs out of the above Pool this node requestsfrom the operator. The operator runs a reconciliation loop to ensure eachnode always has enough PodCIDRs allocated in each pool to fulfill therequested number of IPs here.", + Description: "Needed indicates how many IPs out of the above Pool this node requests from the operator. The operator runs a reconciliation loop to ensure each node always has enough PodCIDRs allocated in each pool to fulfill the requested number of IPs here.", + MarkdownDescription: "Needed indicates how many IPs out of the above Pool this node requests from the operator. The operator runs a reconciliation loop to ensure each node always has enough PodCIDRs allocated in each pool to fulfill the requested number of IPs here.", Attributes: map[string]schema.Attribute{ "ipv4_addrs": schema.Int64Attribute{ - Description: "IPv4Addrs contains the number of requested IPv4 addresses out of a givenpool", - MarkdownDescription: "IPv4Addrs contains the number of requested IPv4 addresses out of a givenpool", + Description: "IPv4Addrs contains the number of requested IPv4 addresses out of a given pool", + MarkdownDescription: "IPv4Addrs contains the number of requested IPv4 addresses out of a given pool", Required: false, Optional: true, Computed: false, }, "ipv6_addrs": schema.Int64Attribute{ - Description: "IPv6Addrs contains the number of requested IPv6 addresses out of a givenpool", - MarkdownDescription: "IPv6Addrs contains the number of requested IPv6 addresses out of a givenpool", + Description: "IPv6Addrs contains the number of requested IPv6 addresses out of a given pool", + MarkdownDescription: "IPv6Addrs contains the number of requested IPv6 addresses out of a given pool", Required: false, Optional: true, Computed: false, @@ -739,8 +739,8 @@ func (r *CiliumIoCiliumNodeV2Manifest) Schema(_ context.Context, _ datasource.Sc }, "pre_allocate": schema.Int64Attribute{ - Description: "PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved.", - MarkdownDescription: "PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved.", + Description: "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved.", + MarkdownDescription: "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.go index 9cd94b390..40a697e2a 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.go @@ -116,8 +116,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Metadata(_ context.Cont func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructingCilium's BGP control plane to create virtual BGP routers.", - MarkdownDescription: "CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructingCilium's BGP control plane to create virtual BGP routers.", + Description: "CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructing Cilium's BGP control plane to create virtual BGP routers.", + MarkdownDescription: "CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructing Cilium's BGP control plane to create virtual BGP routers.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -176,8 +176,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex MarkdownDescription: "Spec is a human readable description of a BGP peering policy", Attributes: map[string]schema.Attribute{ "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects a group of nodes where this BGP PeeringPolicy applies.If empty / nil this policy applies to all nodes.", - MarkdownDescription: "NodeSelector selects a group of nodes where this BGP PeeringPolicy applies.If empty / nil this policy applies to all nodes.", + Description: "NodeSelector selects a group of nodes where this BGP Peering Policy applies. If empty / nil this policy applies to all nodes.", + MarkdownDescription: "NodeSelector selects a group of nodes where this BGP Peering Policy applies. If empty / nil this policy applies to all nodes.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -193,8 +193,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -204,8 +204,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -219,8 +219,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -233,21 +233,21 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "virtual_routers": schema.ListNestedAttribute{ - Description: "A list of CiliumBGPVirtualRouter(s) which instructsthe BGP control plane how to instantiate virtual BGP routers.", - MarkdownDescription: "A list of CiliumBGPVirtualRouter(s) which instructsthe BGP control plane how to instantiate virtual BGP routers.", + Description: "A list of CiliumBGPVirtualRouter(s) which instructs the BGP control plane how to instantiate virtual BGP routers.", + MarkdownDescription: "A list of CiliumBGPVirtualRouter(s) which instructs the BGP control plane how to instantiate virtual BGP routers.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "export_pod_cidr": schema.BoolAttribute{ - Description: "ExportPodCIDR determines whether to export the Node's private CIDR blockto the configured neighbors.", - MarkdownDescription: "ExportPodCIDR determines whether to export the Node's private CIDR blockto the configured neighbors.", + Description: "ExportPodCIDR determines whether to export the Node's private CIDR block to the configured neighbors.", + MarkdownDescription: "ExportPodCIDR determines whether to export the Node's private CIDR block to the configured neighbors.", Required: false, Optional: true, Computed: false, }, "local_asn": schema.Int64Attribute{ - Description: "LocalASN is the ASN of this virtual router.Supports extended 32bit ASNs", - MarkdownDescription: "LocalASN is the ASN of this virtual router.Supports extended 32bit ASNs", + Description: "LocalASN is the ASN of this virtual router. Supports extended 32bit ASNs", + MarkdownDescription: "LocalASN is the ASN of this virtual router. Supports extended 32bit ASNs", Required: true, Optional: false, Computed: false, @@ -263,13 +263,13 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "advertised_path_attributes": schema.ListNestedAttribute{ - Description: "AdvertisedPathAttributes can be used to apply additional path attributesto selected routes when advertising them to the peer.If empty / nil, no additional path attributes are advertised.", - MarkdownDescription: "AdvertisedPathAttributes can be used to apply additional path attributesto selected routes when advertising them to the peer.If empty / nil, no additional path attributes are advertised.", + Description: "AdvertisedPathAttributes can be used to apply additional path attributes to selected routes when advertising them to the peer. If empty / nil, no additional path attributes are advertised.", + MarkdownDescription: "AdvertisedPathAttributes can be used to apply additional path attributes to selected routes when advertising them to the peer. If empty / nil, no additional path attributes are advertised.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "communities": schema.SingleNestedAttribute{ - Description: "Communities defines a set of community values advertised in the supported BGP Communities path attributes.If nil / not set, no BGP Communities path attribute will be advertised.", - MarkdownDescription: "Communities defines a set of community values advertised in the supported BGP Communities path attributes.If nil / not set, no BGP Communities path attribute will be advertised.", + Description: "Communities defines a set of community values advertised in the supported BGP Communities path attributes. If nil / not set, no BGP Communities path attribute will be advertised.", + MarkdownDescription: "Communities defines a set of community values advertised in the supported BGP Communities path attributes. If nil / not set, no BGP Communities path attribute will be advertised.", Attributes: map[string]schema.Attribute{ "large": schema.ListAttribute{ Description: "Large holds a list of the BGP Large Communities Attribute (RFC 8092) values.", @@ -290,8 +290,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "well_known": schema.ListAttribute{ - Description: "WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined aswell-known string aliases to their numeric values.", - MarkdownDescription: "WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined aswell-known string aliases to their numeric values.", + Description: "WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined as well-known string aliases to their numeric values.", + MarkdownDescription: "WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined as well-known string aliases to their numeric values.", ElementType: types.StringType, Required: false, Optional: true, @@ -304,8 +304,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "local_preference": schema.Int64Attribute{ - Description: "LocalPreference defines the preference value advertised in the BGP Local Preference path attribute.As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers(no Local Preference path attribute will be advertised).If nil / not set, the default Local Preference of 100 will be advertised inthe Local Preference path attribute for iBGP peers.", - MarkdownDescription: "LocalPreference defines the preference value advertised in the BGP Local Preference path attribute.As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers(no Local Preference path attribute will be advertised).If nil / not set, the default Local Preference of 100 will be advertised inthe Local Preference path attribute for iBGP peers.", + Description: "LocalPreference defines the preference value advertised in the BGP Local Preference path attribute. As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers (no Local Preference path attribute will be advertised). If nil / not set, the default Local Preference of 100 will be advertised in the Local Preference path attribute for iBGP peers.", + MarkdownDescription: "LocalPreference defines the preference value advertised in the BGP Local Preference path attribute. As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers (no Local Preference path attribute will be advertised). If nil / not set, the default Local Preference of 100 will be advertised in the Local Preference path attribute for iBGP peers.", Required: false, Optional: true, Computed: false, @@ -316,8 +316,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "selector": schema.SingleNestedAttribute{ - Description: "Selector selects a group of objects of the SelectorTyperesulting into routes that will be announced with the configured Attributes.If nil / not set, all objects of the SelectorType are selected.", - MarkdownDescription: "Selector selects a group of objects of the SelectorTyperesulting into routes that will be announced with the configured Attributes.If nil / not set, all objects of the SelectorType are selected.", + Description: "Selector selects a group of objects of the SelectorType resulting into routes that will be announced with the configured Attributes. If nil / not set, all objects of the SelectorType are selected.", + MarkdownDescription: "Selector selects a group of objects of the SelectorType resulting into routes that will be announced with the configured Attributes. If nil / not set, all objects of the SelectorType are selected.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -333,8 +333,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -344,8 +344,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -359,8 +359,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -373,8 +373,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "selector_type": schema.StringAttribute{ - Description: "SelectorType defines the object type on which the Selector applies:- For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs.- For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools).- For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).", - MarkdownDescription: "SelectorType defines the object type on which the Selector applies:- For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs.- For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools).- For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).", + Description: "SelectorType defines the object type on which the Selector applies: - For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs. - For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools). - For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).", + MarkdownDescription: "SelectorType defines the object type on which the Selector applies: - For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs. - For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools). - For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).", Required: true, Optional: false, Computed: false, @@ -390,8 +390,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "auth_secret_ref": schema.StringAttribute{ - Description: "AuthSecretRef is the name of the secret to use to fetch a TCPauthentication password for this peer.", - MarkdownDescription: "AuthSecretRef is the name of the secret to use to fetch a TCPauthentication password for this peer.", + Description: "AuthSecretRef is the name of the secret to use to fetch a TCP authentication password for this peer.", + MarkdownDescription: "AuthSecretRef is the name of the secret to use to fetch a TCP authentication password for this peer.", Required: false, Optional: true, Computed: false, @@ -410,8 +410,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "e_bgp_multihop_ttl": schema.Int64Attribute{ - Description: "EBGPMultihopTTL controls the multi-hop feature for eBGP peers.Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor.The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).This field is ignored for iBGP peers.", - MarkdownDescription: "EBGPMultihopTTL controls the multi-hop feature for eBGP peers.Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor.The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).This field is ignored for iBGP peers.", + Description: "EBGPMultihopTTL controls the multi-hop feature for eBGP peers. Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor. The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed). This field is ignored for iBGP peers.", + MarkdownDescription: "EBGPMultihopTTL controls the multi-hop feature for eBGP peers. Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor. The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed). This field is ignored for iBGP peers.", Required: false, Optional: true, Computed: false, @@ -422,8 +422,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "families": schema.ListNestedAttribute{ - Description: "Families, if provided, defines a set of AFI/SAFIs the speaker willnegotiate with it's peer.If this slice is not provided the default families of IPv6 and IPv4 willbe provided.", - MarkdownDescription: "Families, if provided, defines a set of AFI/SAFIs the speaker willnegotiate with it's peer.If this slice is not provided the default families of IPv6 and IPv4 willbe provided.", + Description: "Families, if provided, defines a set of AFI/SAFIs the speaker will negotiate with it's peer. If this slice is not provided the default families of IPv6 and IPv4 will be provided.", + MarkdownDescription: "Families, if provided, defines a set of AFI/SAFIs the speaker will negotiate with it's peer. If this slice is not provided the default families of IPv6 and IPv4 will be provided.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "afi": schema.StringAttribute{ @@ -455,8 +455,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "graceful_restart": schema.SingleNestedAttribute{ - Description: "GracefulRestart defines graceful restart parameters which are negotiatedwith this neighbor. If empty / nil, the graceful restart capability is disabled.", - MarkdownDescription: "GracefulRestart defines graceful restart parameters which are negotiatedwith this neighbor. If empty / nil, the graceful restart capability is disabled.", + Description: "GracefulRestart defines graceful restart parameters which are negotiated with this neighbor. If empty / nil, the graceful restart capability is disabled.", + MarkdownDescription: "GracefulRestart defines graceful restart parameters which are negotiated with this neighbor. If empty / nil, the graceful restart capability is disabled.", Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ Description: "Enabled flag, when set enables graceful restart capability.", @@ -467,8 +467,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "restart_time_seconds": schema.Int64Attribute{ - Description: "RestartTimeSeconds is the estimated time it will take for the BGPsession to be re-established with peer after a restart.After this period, peer will remove stale routes. This isdescribed RFC 4724 section 4.2.", - MarkdownDescription: "RestartTimeSeconds is the estimated time it will take for the BGPsession to be re-established with peer after a restart.After this period, peer will remove stale routes. This isdescribed RFC 4724 section 4.2.", + Description: "RestartTimeSeconds is the estimated time it will take for the BGP session to be re-established with peer after a restart. After this period, peer will remove stale routes. This is described RFC 4724 section 4.2.", + MarkdownDescription: "RestartTimeSeconds is the estimated time it will take for the BGP session to be re-established with peer after a restart. After this period, peer will remove stale routes. This is described RFC 4724 section 4.2.", Required: false, Optional: true, Computed: false, @@ -484,8 +484,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "hold_time_seconds": schema.Int64Attribute{ - Description: "HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2).Updating this value will cause a session reset.", - MarkdownDescription: "HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2).Updating this value will cause a session reset.", + Description: "HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2). Updating this value will cause a session reset.", + MarkdownDescription: "HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2). Updating this value will cause a session reset.", Required: false, Optional: true, Computed: false, @@ -496,8 +496,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "keep_alive_time_seconds": schema.Int64Attribute{ - Description: "KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8).It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset.", - MarkdownDescription: "KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8).It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset.", + Description: "KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8). It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset.", + MarkdownDescription: "KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8). It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset.", Required: false, Optional: true, Computed: false, @@ -508,8 +508,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "peer_asn": schema.Int64Attribute{ - Description: "PeerASN is the ASN of the peer BGP router.Supports extended 32bit ASNs", - MarkdownDescription: "PeerASN is the ASN of the peer BGP router.Supports extended 32bit ASNs", + Description: "PeerASN is the ASN of the peer BGP router. Supports extended 32bit ASNs", + MarkdownDescription: "PeerASN is the ASN of the peer BGP router. Supports extended 32bit ASNs", Required: true, Optional: false, Computed: false, @@ -520,16 +520,16 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "peer_address": schema.StringAttribute{ - Description: "PeerAddress is the IP address of the peer.This must be in CIDR notation and use a /32 to expressa single host.", - MarkdownDescription: "PeerAddress is the IP address of the peer.This must be in CIDR notation and use a /32 to expressa single host.", + Description: "PeerAddress is the IP address of the peer. This must be in CIDR notation and use a /32 to express a single host.", + MarkdownDescription: "PeerAddress is the IP address of the peer. This must be in CIDR notation and use a /32 to express a single host.", Required: true, Optional: false, Computed: false, }, "peer_port": schema.Int64Attribute{ - Description: "PeerPort is the TCP port of the peer. 1-65535 is the range ofvalid port numbers that can be specified. If unset, defaults to 179.", - MarkdownDescription: "PeerPort is the TCP port of the peer. 1-65535 is the range ofvalid port numbers that can be specified. If unset, defaults to 179.", + Description: "PeerPort is the TCP port of the peer. 1-65535 is the range of valid port numbers that can be specified. If unset, defaults to 179.", + MarkdownDescription: "PeerPort is the TCP port of the peer. 1-65535 is the range of valid port numbers that can be specified. If unset, defaults to 179.", Required: false, Optional: true, Computed: false, @@ -546,8 +546,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "pod_ip_pool_selector": schema.SingleNestedAttribute{ - Description: "PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtualrouter will announce allocated CIDRs of matching CiliumPodIPPools.If empty / nil no CiliumPodIPPools will be announced.", - MarkdownDescription: "PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtualrouter will announce allocated CIDRs of matching CiliumPodIPPools.If empty / nil no CiliumPodIPPools will be announced.", + Description: "PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtual router will announce allocated CIDRs of matching CiliumPodIPPools. If empty / nil no CiliumPodIPPools will be announced.", + MarkdownDescription: "PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtual router will announce allocated CIDRs of matching CiliumPodIPPools. If empty / nil no CiliumPodIPPools will be announced.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -563,8 +563,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -574,8 +574,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -589,8 +589,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -603,8 +603,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "service_advertisements": schema.ListAttribute{ - Description: "ServiceAdvertisements selects a group of BGP Advertisement(s) to advertisefor the selected services.", - MarkdownDescription: "ServiceAdvertisements selects a group of BGP Advertisement(s) to advertisefor the selected services.", + Description: "ServiceAdvertisements selects a group of BGP Advertisement(s) to advertise for the selected services.", + MarkdownDescription: "ServiceAdvertisements selects a group of BGP Advertisement(s) to advertise for the selected services.", ElementType: types.StringType, Required: false, Optional: true, @@ -612,8 +612,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "service_selector": schema.SingleNestedAttribute{ - Description: "ServiceSelector selects a group of load balancer services which thisvirtual router will announce. The loadBalancerClass for a service mustbe nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'.Refer to the following document for additional details regarding load balancerclasses: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf empty / nil no services will be announced.", - MarkdownDescription: "ServiceSelector selects a group of load balancer services which thisvirtual router will announce. The loadBalancerClass for a service mustbe nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'.Refer to the following document for additional details regarding load balancerclasses: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf empty / nil no services will be announced.", + Description: "ServiceSelector selects a group of load balancer services which this virtual router will announce. The loadBalancerClass for a service must be nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If empty / nil no services will be announced.", + MarkdownDescription: "ServiceSelector selects a group of load balancer services which this virtual router will announce. The loadBalancerClass for a service must be nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If empty / nil no services will be announced.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -629,8 +629,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -640,8 +640,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -655,8 +655,8 @@ func (r *CiliumIoCiliumBgppeeringPolicyV2Alpha1Manifest) Schema(_ context.Contex }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_cidr_group_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_cidr_group_v2alpha1_manifest.go index 5d4c8a89f..35578f66f 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_cidr_group_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_cidr_group_v2alpha1_manifest.go @@ -42,7 +42,7 @@ type CiliumIoCiliumCidrgroupV2Alpha1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - ExternalCIDRs *[]string `tfsdk:"external_cid_rs" json:"externalCIDRs,omitempty"` + ExternalCIDRs *[]string `tfsdk:"external_cidrs" json:"externalCIDRs,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } @@ -52,8 +52,8 @@ func (r *CiliumIoCiliumCidrgroupV2Alpha1Manifest) Metadata(_ context.Context, re func (r *CiliumIoCiliumCidrgroupV2Alpha1Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peersoutside the clusters) that can be referenced as a single entity fromCiliumNetworkPolicies.", - MarkdownDescription: "CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peersoutside the clusters) that can be referenced as a single entity fromCiliumNetworkPolicies.", + Description: "CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peers outside the clusters) that can be referenced as a single entity from CiliumNetworkPolicies.", + MarkdownDescription: "CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peers outside the clusters) that can be referenced as a single entity from CiliumNetworkPolicies.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -111,7 +111,7 @@ func (r *CiliumIoCiliumCidrgroupV2Alpha1Manifest) Schema(_ context.Context, _ da Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "external_cid_rs": schema.ListAttribute{ + "external_cidrs": schema.ListAttribute{ Description: "ExternalCIDRs is a list of CIDRs selecting peers outside the clusters.", MarkdownDescription: "ExternalCIDRs is a list of CIDRs selecting peers outside the clusters.", ElementType: types.StringType, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.go index 154ab47c1..d0a1703ec 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.go @@ -134,8 +134,8 @@ func (r *CiliumIoCiliumEndpointSliceV2Alpha1Manifest) Schema(_ context.Context, MarkdownDescription: "EncryptionSpec defines the encryption relevant configuration of a node.", Attributes: map[string]schema.Attribute{ "key": schema.Int64Attribute{ - Description: "Key is the index to the key to use for encryption or 0 if encryption isdisabled.", - MarkdownDescription: "Key is the index to the key to use for encryption or 0 if encryption isdisabled.", + Description: "Key is the index to the key to use for encryption or 0 if encryption is disabled.", + MarkdownDescription: "Key is the index to the key to use for encryption or 0 if encryption is disabled.", Required: false, Optional: true, Computed: false, @@ -163,8 +163,8 @@ func (r *CiliumIoCiliumEndpointSliceV2Alpha1Manifest) Schema(_ context.Context, }, "named_ports": schema.ListNestedAttribute{ - Description: "NamedPorts List of named Layer 4 port and protocol pairs which will be used in NetworkPolicy specs.swagger:model NamedPorts", - MarkdownDescription: "NamedPorts List of named Layer 4 port and protocol pairs which will be used in NetworkPolicy specs.swagger:model NamedPorts", + Description: "NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network Policy specs. swagger:model NamedPorts", + MarkdownDescription: "NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network Policy specs. swagger:model NamedPorts", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -184,8 +184,8 @@ func (r *CiliumIoCiliumEndpointSliceV2Alpha1Manifest) Schema(_ context.Context, }, "protocol": schema.StringAttribute{ - Description: "Layer 4 protocolEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]", - MarkdownDescription: "Layer 4 protocolEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]", + Description: "Layer 4 protocol Enum: [TCP UDP SCTP ICMP ICMPV6 ANY]", + MarkdownDescription: "Layer 4 protocol Enum: [TCP UDP SCTP ICMP ICMPV6 ANY]", Required: false, Optional: true, Computed: false, @@ -229,8 +229,8 @@ func (r *CiliumIoCiliumEndpointSliceV2Alpha1Manifest) Schema(_ context.Context, }, "node": schema.StringAttribute{ - Description: "NodeIP is the IP of the node the endpoint is running on. The IP mustbe reachable between nodes.", - MarkdownDescription: "NodeIP is the IP of the node the endpoint is running on. The IP mustbe reachable between nodes.", + Description: "NodeIP is the IP of the node the endpoint is running on. The IP must be reachable between nodes.", + MarkdownDescription: "NodeIP is the IP of the node the endpoint is running on. The IP must be reachable between nodes.", Required: false, Optional: true, Computed: false, @@ -248,8 +248,8 @@ func (r *CiliumIoCiliumEndpointSliceV2Alpha1Manifest) Schema(_ context.Context, }, "namespace": schema.StringAttribute{ - Description: "Namespace indicate as CiliumEndpointSlice namespace.All the CiliumEndpoints within the same namespace are put togetherin CiliumEndpointSlice.", - MarkdownDescription: "Namespace indicate as CiliumEndpointSlice namespace.All the CiliumEndpoints within the same namespace are put togetherin CiliumEndpointSlice.", + Description: "Namespace indicate as CiliumEndpointSlice namespace. All the CiliumEndpoints within the same namespace are put together in CiliumEndpointSlice.", + MarkdownDescription: "Namespace indicate as CiliumEndpointSlice namespace. All the CiliumEndpoints within the same namespace are put together in CiliumEndpointSlice.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.go index cf3032c2c..bb207e5c0 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.go @@ -70,8 +70,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Metadata(_ context. func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumL2AnnouncementPolicy is a Kubernetes third-party resource whichis used to defined which nodes should announce what services on theL2 network.", - MarkdownDescription: "CiliumL2AnnouncementPolicy is a Kubernetes third-party resource whichis used to defined which nodes should announce what services on theL2 network.", + Description: "CiliumL2AnnouncementPolicy is a Kubernetes third-party resource which is used to defined which nodes should announce what services on the L2 network.", + MarkdownDescription: "CiliumL2AnnouncementPolicy is a Kubernetes third-party resource which is used to defined which nodes should announce what services on the L2 network.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -138,8 +138,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "interfaces": schema.ListAttribute{ - Description: "A list of regular expressions that express which network interface(s) should be usedto announce the services over. If nil, all network interfaces are used.", - MarkdownDescription: "A list of regular expressions that express which network interface(s) should be usedto announce the services over. If nil, all network interfaces are used.", + Description: "A list of regular expressions that express which network interface(s) should be used to announce the services over. If nil, all network interfaces are used.", + MarkdownDescription: "A list of regular expressions that express which network interface(s) should be used to announce the services over. If nil, all network interfaces are used.", ElementType: types.StringType, Required: false, Optional: true, @@ -147,16 +147,16 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "load_balancer_i_ps": schema.BoolAttribute{ - Description: "If true, the loadbalancer IPs of the services are announcedIf nil this policy applies to all services.", - MarkdownDescription: "If true, the loadbalancer IPs of the services are announcedIf nil this policy applies to all services.", + Description: "If true, the loadbalancer IPs of the services are announced If nil this policy applies to all services.", + MarkdownDescription: "If true, the loadbalancer IPs of the services are announced If nil this policy applies to all services.", Required: false, Optional: true, Computed: false, }, "node_selector": schema.SingleNestedAttribute{ - Description: "NodeSelector selects a group of nodes which will announce the IPs forthe services selected by the service selector.If nil this policy applies to all nodes.", - MarkdownDescription: "NodeSelector selects a group of nodes which will announce the IPs forthe services selected by the service selector.If nil this policy applies to all nodes.", + Description: "NodeSelector selects a group of nodes which will announce the IPs for the services selected by the service selector. If nil this policy applies to all nodes.", + MarkdownDescription: "NodeSelector selects a group of nodes which will announce the IPs for the services selected by the service selector. If nil this policy applies to all nodes.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -172,8 +172,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -183,8 +183,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -198,8 +198,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -212,8 +212,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "service_selector": schema.SingleNestedAttribute{ - Description: "ServiceSelector selects a set of services which will be announced over L2 networks.The loadBalancerClass for a service must be nil or specify a supported class, e.g.'io.cilium/l2-announcer'. Refer to the following document for additional detailsregarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf nil this policy applies to all services.", - MarkdownDescription: "ServiceSelector selects a set of services which will be announced over L2 networks.The loadBalancerClass for a service must be nil or specify a supported class, e.g.'io.cilium/l2-announcer'. Refer to the following document for additional detailsregarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf nil this policy applies to all services.", + Description: "ServiceSelector selects a set of services which will be announced over L2 networks. The loadBalancerClass for a service must be nil or specify a supported class, e.g. 'io.cilium/l2-announcer'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If nil this policy applies to all services.", + MarkdownDescription: "ServiceSelector selects a set of services which will be announced over L2 networks. The loadBalancerClass for a service must be nil or specify a supported class, e.g. 'io.cilium/l2-announcer'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If nil this policy applies to all services.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -229,8 +229,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -240,8 +240,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -255,8 +255,8 @@ func (r *CiliumIoCiliumL2AnnouncementPolicyV2Alpha1Manifest) Schema(_ context.Co }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.go index 63ef0c122..b34a89ce6 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.go @@ -66,8 +66,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Metadata(_ context.Co func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumLoadBalancerIPPool is a Kubernetes third-party resource whichis used to defined pools of IPs which the operator can use to to allocateand advertise IPs for Services of type LoadBalancer.", - MarkdownDescription: "CiliumLoadBalancerIPPool is a Kubernetes third-party resource whichis used to defined pools of IPs which the operator can use to to allocateand advertise IPs for Services of type LoadBalancer.", + Description: "CiliumLoadBalancerIPPool is a Kubernetes third-party resource which is used to defined pools of IPs which the operator can use to to allocate and advertise IPs for Services of type LoadBalancer.", + MarkdownDescription: "CiliumLoadBalancerIPPool is a Kubernetes third-party resource which is used to defined pools of IPs which the operator can use to to allocate and advertise IPs for Services of type LoadBalancer.", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", @@ -122,12 +122,12 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont }, "spec": schema.SingleNestedAttribute{ - Description: "Spec is a human readable description for a BGP load balancerip pool.", - MarkdownDescription: "Spec is a human readable description for a BGP load balancerip pool.", + Description: "Spec is a human readable description for a BGP load balancer ip pool.", + MarkdownDescription: "Spec is a human readable description for a BGP load balancer ip pool.", Attributes: map[string]schema.Attribute{ "allow_first_last_i_ps": schema.StringAttribute{ - Description: "AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable.If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs sincereserving the first and last IPs would make the CIDRs unusable.", - MarkdownDescription: "AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable.If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs sincereserving the first and last IPs would make the CIDRs unusable.", + Description: "AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable. If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs since reserving the first and last IPs would make the CIDRs unusable.", + MarkdownDescription: "AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable. If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs since reserving the first and last IPs would make the CIDRs unusable.", Required: false, Optional: true, Computed: false, @@ -172,8 +172,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont }, "disabled": schema.BoolAttribute{ - Description: "Disabled, if set to true means that no new IPs will be allocated from this pool.Existing allocations will not be removed from services.", - MarkdownDescription: "Disabled, if set to true means that no new IPs will be allocated from this pool.Existing allocations will not be removed from services.", + Description: "Disabled, if set to true means that no new IPs will be allocated from this pool. Existing allocations will not be removed from services.", + MarkdownDescription: "Disabled, if set to true means that no new IPs will be allocated from this pool. Existing allocations will not be removed from services.", Required: false, Optional: true, Computed: false, @@ -197,8 +197,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -208,8 +208,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -223,8 +223,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -236,8 +236,8 @@ func (r *CiliumIoCiliumLoadBalancerIppoolV2Alpha1Manifest) Schema(_ context.Cont Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, diff --git a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.go b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.go index aeccc4337..1f5d41fd3 100644 --- a/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.go +++ b/internal/provider/cilium_io_v2alpha1/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.go @@ -60,8 +60,8 @@ func (r *CiliumIoCiliumPodIppoolV2Alpha1Manifest) Metadata(_ context.Context, re func (r *CiliumIoCiliumPodIppoolV2Alpha1Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { response.Schema = schema.Schema{ - Description: "CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAMmode).", - MarkdownDescription: "CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAMmode).", + Description: "CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).", + MarkdownDescription: "CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).", Attributes: map[string]schema.Attribute{ "yaml": schema.StringAttribute{ Description: "The generated manifest in YAML format.", diff --git a/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_felix_configuration_v1_manifest.go b/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_felix_configuration_v1_manifest.go index 80d216f0e..bb4388853 100644 --- a/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_felix_configuration_v1_manifest.go +++ b/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_felix_configuration_v1_manifest.go @@ -49,13 +49,13 @@ type CrdProjectcalicoOrgFelixConfigurationV1ManifestData struct { BpfCTLBLogFilter *string `tfsdk:"bpf_ctlb_log_filter" json:"bpfCTLBLogFilter,omitempty"` BpfConnectTimeLoadBalancing *string `tfsdk:"bpf_connect_time_load_balancing" json:"bpfConnectTimeLoadBalancing,omitempty"` BpfConnectTimeLoadBalancingEnabled *bool `tfsdk:"bpf_connect_time_load_balancing_enabled" json:"bpfConnectTimeLoadBalancingEnabled,omitempty"` - BpfDSROptoutCIDRs *[]string `tfsdk:"bpf_dsr_optout_cid_rs" json:"bpfDSROptoutCIDRs,omitempty"` + BpfDSROptoutCIDRs *[]string `tfsdk:"bpf_dsr_optout_cidrs" json:"bpfDSROptoutCIDRs,omitempty"` BpfDataIfacePattern *string `tfsdk:"bpf_data_iface_pattern" json:"bpfDataIfacePattern,omitempty"` BpfDisableGROForIfaces *string `tfsdk:"bpf_disable_gro_for_ifaces" json:"bpfDisableGROForIfaces,omitempty"` BpfDisableUnprivileged *bool `tfsdk:"bpf_disable_unprivileged" json:"bpfDisableUnprivileged,omitempty"` BpfEnabled *bool `tfsdk:"bpf_enabled" json:"bpfEnabled,omitempty"` BpfEnforceRPF *string `tfsdk:"bpf_enforce_rpf" json:"bpfEnforceRPF,omitempty"` - BpfExcludeCIDRsFromNAT *[]string `tfsdk:"bpf_exclude_cid_rs_from_nat" json:"bpfExcludeCIDRsFromNAT,omitempty"` + BpfExcludeCIDRsFromNAT *[]string `tfsdk:"bpf_exclude_cidrs_from_nat" json:"bpfExcludeCIDRsFromNAT,omitempty"` BpfExtToServiceConnmark *int64 `tfsdk:"bpf_ext_to_service_connmark" json:"bpfExtToServiceConnmark,omitempty"` BpfExternalServiceMode *string `tfsdk:"bpf_external_service_mode" json:"bpfExternalServiceMode,omitempty"` BpfForceTrackPacketsFromIfaces *[]string `tfsdk:"bpf_force_track_packets_from_ifaces" json:"bpfForceTrackPacketsFromIfaces,omitempty"` @@ -322,7 +322,7 @@ func (r *CrdProjectcalicoOrgFelixConfigurationV1Manifest) Schema(_ context.Conte Computed: false, }, - "bpf_dsr_optout_cid_rs": schema.ListAttribute{ + "bpf_dsr_optout_cidrs": schema.ListAttribute{ Description: "BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel.", MarkdownDescription: "BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel.", ElementType: types.StringType, @@ -374,7 +374,7 @@ func (r *CrdProjectcalicoOrgFelixConfigurationV1Manifest) Schema(_ context.Conte }, }, - "bpf_exclude_cid_rs_from_nat": schema.ListAttribute{ + "bpf_exclude_cidrs_from_nat": schema.ListAttribute{ Description: "BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT resolution so that host can handle them. A typical usecase is node local DNS cache.", MarkdownDescription: "BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT resolution so that host can handle them. A typical usecase is node local DNS cache.", ElementType: types.StringType, diff --git a/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_ip_reservation_v1_manifest.go b/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_ip_reservation_v1_manifest.go index 6328aa86c..758bf606e 100644 --- a/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_ip_reservation_v1_manifest.go +++ b/internal/provider/crd_projectcalico_org_v1/crd_projectcalico_org_ip_reservation_v1_manifest.go @@ -42,7 +42,7 @@ type CrdProjectcalicoOrgIpreservationV1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - ReservedCIDRs *[]string `tfsdk:"reserved_cid_rs" json:"reservedCIDRs,omitempty"` + ReservedCIDRs *[]string `tfsdk:"reserved_cidrs" json:"reservedCIDRs,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } @@ -111,7 +111,7 @@ func (r *CrdProjectcalicoOrgIpreservationV1Manifest) Schema(_ context.Context, _ Description: "IPReservationSpec contains the specification for an IPReservation resource.", MarkdownDescription: "IPReservationSpec contains the specification for an IPReservation resource.", Attributes: map[string]schema.Attribute{ - "reserved_cid_rs": schema.ListAttribute{ + "reserved_cidrs": schema.ListAttribute{ Description: "ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will exclude from new allocations.", MarkdownDescription: "ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will exclude from new allocations.", ElementType: types.StringType, diff --git a/internal/provider/eks_services_k8s_aws_v1alpha1/eks_services_k8s_aws_cluster_v1alpha1_manifest.go b/internal/provider/eks_services_k8s_aws_v1alpha1/eks_services_k8s_aws_cluster_v1alpha1_manifest.go index 19eabf078..2390e0749 100644 --- a/internal/provider/eks_services_k8s_aws_v1alpha1/eks_services_k8s_aws_cluster_v1alpha1_manifest.go +++ b/internal/provider/eks_services_k8s_aws_v1alpha1/eks_services_k8s_aws_cluster_v1alpha1_manifest.go @@ -81,7 +81,7 @@ type EksServicesK8SAwsClusterV1Alpha1ManifestData struct { ResourcesVPCConfig *struct { EndpointPrivateAccess *bool `tfsdk:"endpoint_private_access" json:"endpointPrivateAccess,omitempty"` EndpointPublicAccess *bool `tfsdk:"endpoint_public_access" json:"endpointPublicAccess,omitempty"` - PublicAccessCIDRs *[]string `tfsdk:"public_access_cid_rs" json:"publicAccessCIDRs,omitempty"` + PublicAccessCIDRs *[]string `tfsdk:"public_access_cidrs" json:"publicAccessCIDRs,omitempty"` SecurityGroupIDs *[]string `tfsdk:"security_group_i_ds" json:"securityGroupIDs,omitempty"` SecurityGroupRefs *[]struct { From *struct { @@ -423,7 +423,7 @@ func (r *EksServicesK8SAwsClusterV1Alpha1Manifest) Schema(_ context.Context, _ d Computed: false, }, - "public_access_cid_rs": schema.ListAttribute{ + "public_access_cidrs": schema.ListAttribute{ Description: "", MarkdownDescription: "", ElementType: types.StringType, diff --git a/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go b/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go index 9ff20c6d2..a88b12ff1 100644 --- a/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go +++ b/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go @@ -46,7 +46,7 @@ type Elbv2K8SAwsIngressClassParamsV1Beta1ManifestData struct { Group *struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"group" json:"group,omitempty"` - InboundCIDRs *[]string `tfsdk:"inbound_cid_rs" json:"inboundCIDRs,omitempty"` + InboundCIDRs *[]string `tfsdk:"inbound_cidrs" json:"inboundCIDRs,omitempty"` IpAddressType *string `tfsdk:"ip_address_type" json:"ipAddressType,omitempty"` LoadBalancerAttributes *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -164,7 +164,7 @@ func (r *Elbv2K8SAwsIngressClassParamsV1Beta1Manifest) Schema(_ context.Context, Computed: false, }, - "inbound_cid_rs": schema.ListAttribute{ + "inbound_cidrs": schema.ListAttribute{ Description: "InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams.", MarkdownDescription: "InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams.", ElementType: types.StringType, diff --git a/internal/provider/flows_netobserv_io_v1beta1/flows_netobserv_io_flow_collector_v1beta1_manifest.go b/internal/provider/flows_netobserv_io_v1beta1/flows_netobserv_io_flow_collector_v1beta1_manifest.go index bd56d69a3..8a00a6970 100644 --- a/internal/provider/flows_netobserv_io_v1beta1/flows_netobserv_io_flow_collector_v1beta1_manifest.go +++ b/internal/provider/flows_netobserv_io_v1beta1/flows_netobserv_io_flow_collector_v1beta1_manifest.go @@ -98,8 +98,7 @@ type FlowsNetobservIoFlowCollectorV1Beta1ManifestData struct { Privileged *bool `tfsdk:"privileged" json:"privileged,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -229,8 +228,7 @@ type FlowsNetobservIoFlowCollectorV1Beta1ManifestData struct { Replicas *int64 `tfsdk:"replicas" json:"replicas,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -509,8 +507,7 @@ type FlowsNetobservIoFlowCollectorV1Beta1ManifestData struct { ProfilePort *int64 `tfsdk:"profile_port" json:"profilePort,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -710,8 +707,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, }, "dest_ports": schema.StringAttribute{ - Description: "DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, destPorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, destPorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, destPorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, destPorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example destPorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example destPorts: '80-100'.", + MarkdownDescription: "DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example destPorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example destPorts: '80-100'.", Required: false, Optional: true, Computed: false, @@ -761,8 +758,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, }, "ports": schema.StringAttribute{ - Description: "Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example, ports: 80.To filter a range of ports, use a 'start-end' range in string format. For example, ports: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example, ports: 80.To filter a range of ports, use a 'start-end' range in string format. For example, ports: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example ports: 80.To filter a range of ports, use a 'start-end' range, string format. For example ports: '80-10", + MarkdownDescription: "Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example ports: 80.To filter a range of ports, use a 'start-end' range, string format. For example ports: '80-10", Required: false, Optional: true, Computed: false, @@ -780,8 +777,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, }, "source_ports": schema.StringAttribute{ - Description: "SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, sourcePorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, sourcePorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, sourcePorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, sourcePorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example sourcePorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example sourcePorts: '80-100'.", + MarkdownDescription: "SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example sourcePorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example sourcePorts: '80-100'.", Required: false, Optional: true, Computed: false, @@ -990,8 +987,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, "type": schema.StringAttribute{ Description: "Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations.", MarkdownDescription: "Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("DISABLED", "PROVIDED", "AUTO"), @@ -1037,14 +1034,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -1925,14 +1914,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -3841,8 +3822,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, "type": schema.StringAttribute{ Description: "Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations.", MarkdownDescription: "Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("DISABLED", "PROVIDED", "AUTO"), @@ -3912,14 +3893,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -3963,16 +3936,16 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, Description: "List of CIDRs, such as '['1.2.3.4/32']'.", MarkdownDescription: "List of CIDRs, such as '['1.2.3.4/32']'.", ElementType: types.StringType, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, "name": schema.StringAttribute{ Description: "Label name, used to flag matching flows.", MarkdownDescription: "Label name, used to flag matching flows.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, @@ -4173,8 +4146,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta1Manifest) Schema(_ context.Context, "mode": schema.StringAttribute{ Description: "'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
", MarkdownDescription: "'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Manual", "Auto"), diff --git a/internal/provider/flows_netobserv_io_v1beta2/flows_netobserv_io_flow_collector_v1beta2_manifest.go b/internal/provider/flows_netobserv_io_v1beta2/flows_netobserv_io_flow_collector_v1beta2_manifest.go index b1de296e7..2bf693c10 100644 --- a/internal/provider/flows_netobserv_io_v1beta2/flows_netobserv_io_flow_collector_v1beta2_manifest.go +++ b/internal/provider/flows_netobserv_io_v1beta2/flows_netobserv_io_flow_collector_v1beta2_manifest.go @@ -240,8 +240,7 @@ type FlowsNetobservIoFlowCollectorV1Beta2ManifestData struct { Privileged *bool `tfsdk:"privileged" json:"privileged,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -517,8 +516,7 @@ type FlowsNetobservIoFlowCollectorV1Beta2ManifestData struct { Replicas *int64 `tfsdk:"replicas" json:"replicas,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -1032,8 +1030,7 @@ type FlowsNetobservIoFlowCollectorV1Beta2ManifestData struct { MultiClusterDeployment *bool `tfsdk:"multi_cluster_deployment" json:"multiClusterDeployment,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -1441,8 +1438,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1450,8 +1447,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1608,8 +1605,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1617,8 +1614,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1775,8 +1772,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1784,8 +1781,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1942,8 +1939,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1951,8 +1948,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2188,8 +2185,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "dest_ports": schema.StringAttribute{ - Description: "'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'destPorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'destPorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'destPorts: '80-100''.", + MarkdownDescription: "'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'destPorts: '80-100''.", Required: false, Optional: true, Computed: false, @@ -2239,8 +2236,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "ports": schema.StringAttribute{ - Description: "'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example, 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'ports: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example, 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'ports: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example: 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'ports: '80-100''.", + MarkdownDescription: "'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example: 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'ports: '80-100''.", Required: false, Optional: true, Computed: false, @@ -2258,8 +2255,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "source_ports": schema.StringAttribute{ - Description: "'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'sourcePorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", - MarkdownDescription: "'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'sourcePorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''.", + Description: "'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'sourcePorts: '80-100''.", + MarkdownDescription: "'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'sourcePorts: '80-100''.", Required: false, Optional: true, Computed: false, @@ -2468,8 +2465,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, "type": schema.StringAttribute{ Description: "Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations.", MarkdownDescription: "Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Disabled", "Provided", "Auto"), @@ -2515,14 +2512,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -3008,8 +2997,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3017,8 +3006,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3175,8 +3164,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3184,8 +3173,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3342,8 +3331,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3351,8 +3340,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3509,8 +3498,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3518,8 +3507,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4385,14 +4374,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -5336,8 +5317,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, "name": schema.StringAttribute{ Description: "Name of an existing LokiStack resource to use.", MarkdownDescription: "Name of an existing LokiStack resource to use.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -5829,8 +5810,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, "mode": schema.StringAttribute{ Description: "'mode' must be set according to the installation mode of Loki:
- Use 'LokiStack' when Loki is managed using the Loki Operator
- Use 'Monolithic' when Loki is installed as a monolithic workload
- Use 'Microservices' when Loki is installed as microservices, but without Loki Operator
- Use 'Manual' if none of the options above match your setup
", MarkdownDescription: "'mode' must be set according to the installation mode of Loki:
- Use 'LokiStack' when Loki is managed using the Loki Operator
- Use 'Monolithic' when Loki is installed as a monolithic workload
- Use 'Microservices' when Loki is installed as microservices, but without Loki Operator
- Use 'Manual' if none of the options above match your setup
", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Manual", "LokiStack", "Monolithic", "Microservices"), @@ -6443,8 +6424,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6452,8 +6433,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6610,8 +6591,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6619,8 +6600,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6777,8 +6758,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6786,8 +6767,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6944,8 +6925,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6953,8 +6934,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -7918,8 +7899,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, "type": schema.StringAttribute{ Description: "Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations.", MarkdownDescription: "Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Disabled", "Provided", "Auto"), @@ -7965,14 +7946,6 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -8016,16 +7989,16 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, Description: "List of CIDRs, such as '['1.2.3.4/32']'.", MarkdownDescription: "List of CIDRs, such as '['1.2.3.4/32']'.", ElementType: types.StringType, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, "name": schema.StringAttribute{ Description: "Label name, used to flag matching flows.", MarkdownDescription: "Label name, used to flag matching flows.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, @@ -8226,8 +8199,8 @@ func (r *FlowsNetobservIoFlowCollectorV1Beta2Manifest) Schema(_ context.Context, "mode": schema.StringAttribute{ Description: "'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
", MarkdownDescription: "'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Manual", "Auto"), diff --git a/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.go b/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.go index 2bc5c3cff..dd45f533a 100644 --- a/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.go +++ b/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.go @@ -163,31 +163,13 @@ type FluentbitFluentIoClusterOutputV1Alpha2ManifestData struct { Tls *bool `tfsdk:"tls" json:"tls,omitempty"` } `tfsdk:"datadog" json:"datadog,omitempty"` Es *struct { - AwsAuth *string `tfsdk:"aws_auth" json:"awsAuth,omitempty"` - AwsAuthSecret *struct { - ValueFrom *struct { - SecretKeyRef *struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Optional *bool `tfsdk:"optional" json:"optional,omitempty"` - } `tfsdk:"secret_key_ref" json:"secretKeyRef,omitempty"` - } `tfsdk:"value_from" json:"valueFrom,omitempty"` - } `tfsdk:"aws_auth_secret" json:"awsAuthSecret,omitempty"` - AwsExternalID *string `tfsdk:"aws_external_id" json:"awsExternalID,omitempty"` - AwsRegion *string `tfsdk:"aws_region" json:"awsRegion,omitempty"` - AwsRoleARN *string `tfsdk:"aws_role_arn" json:"awsRoleARN,omitempty"` - AwsSTSEndpoint *string `tfsdk:"aws_sts_endpoint" json:"awsSTSEndpoint,omitempty"` - BufferSize *string `tfsdk:"buffer_size" json:"bufferSize,omitempty"` - CloudAuth *string `tfsdk:"cloud_auth" json:"cloudAuth,omitempty"` - CloudAuthSecret *struct { - ValueFrom *struct { - SecretKeyRef *struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Optional *bool `tfsdk:"optional" json:"optional,omitempty"` - } `tfsdk:"secret_key_ref" json:"secretKeyRef,omitempty"` - } `tfsdk:"value_from" json:"valueFrom,omitempty"` - } `tfsdk:"cloud_auth_secret" json:"cloudAuthSecret,omitempty"` + AwsAuth *string `tfsdk:"aws_auth" json:"awsAuth,omitempty"` + AwsExternalID *string `tfsdk:"aws_external_id" json:"awsExternalID,omitempty"` + AwsRegion *string `tfsdk:"aws_region" json:"awsRegion,omitempty"` + AwsRoleARN *string `tfsdk:"aws_role_arn" json:"awsRoleARN,omitempty"` + AwsSTSEndpoint *string `tfsdk:"aws_sts_endpoint" json:"awsSTSEndpoint,omitempty"` + BufferSize *string `tfsdk:"buffer_size" json:"bufferSize,omitempty"` + CloudAuth *string `tfsdk:"cloud_auth" json:"cloudAuth,omitempty"` CloudID *string `tfsdk:"cloud_id" json:"cloudID,omitempty"` Compress *string `tfsdk:"compress" json:"compress,omitempty"` CurrentTimeIndex *bool `tfsdk:"current_time_index" json:"currentTimeIndex,omitempty"` @@ -1979,57 +1961,6 @@ func (r *FluentbitFluentIoClusterOutputV1Alpha2Manifest) Schema(_ context.Contex Computed: false, }, - "aws_auth_secret": schema.SingleNestedAttribute{ - Description: "AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.", - MarkdownDescription: "AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.", - Attributes: map[string]schema.Attribute{ - "value_from": schema.SingleNestedAttribute{ - Description: "ValueSource defines how to find a value's key.", - MarkdownDescription: "ValueSource defines how to find a value's key.", - Attributes: map[string]schema.Attribute{ - "secret_key_ref": schema.SingleNestedAttribute{ - Description: "Selects a key of a secret in the pod's namespace", - MarkdownDescription: "Selects a key of a secret in the pod's namespace", - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "The key of the secret to select from. Must be a valid secret key.", - MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", - Required: true, - Optional: false, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - Required: false, - Optional: true, - Computed: false, - }, - - "optional": schema.BoolAttribute{ - Description: "Specify whether the Secret or its key must be defined", - MarkdownDescription: "Specify whether the Secret or its key must be defined", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "aws_external_id": schema.StringAttribute{ Description: "External ID for the AWS IAM Role specified with aws_role_arn.", MarkdownDescription: "External ID for the AWS IAM Role specified with aws_role_arn.", @@ -2081,57 +2012,6 @@ func (r *FluentbitFluentIoClusterOutputV1Alpha2Manifest) Schema(_ context.Contex Computed: false, }, - "cloud_auth_secret": schema.SingleNestedAttribute{ - Description: "CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.", - MarkdownDescription: "CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.", - Attributes: map[string]schema.Attribute{ - "value_from": schema.SingleNestedAttribute{ - Description: "ValueSource defines how to find a value's key.", - MarkdownDescription: "ValueSource defines how to find a value's key.", - Attributes: map[string]schema.Attribute{ - "secret_key_ref": schema.SingleNestedAttribute{ - Description: "Selects a key of a secret in the pod's namespace", - MarkdownDescription: "Selects a key of a secret in the pod's namespace", - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "The key of the secret to select from. Must be a valid secret key.", - MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", - Required: true, - Optional: false, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - Required: false, - Optional: true, - Computed: false, - }, - - "optional": schema.BoolAttribute{ - Description: "Specify whether the Secret or its key must be defined", - MarkdownDescription: "Specify whether the Secret or its key must be defined", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "cloud_id": schema.StringAttribute{ Description: "If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.", MarkdownDescription: "If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.", diff --git a/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_output_v1alpha2_manifest.go b/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_output_v1alpha2_manifest.go index 3c270b86e..a0d4e4762 100644 --- a/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_output_v1alpha2_manifest.go +++ b/internal/provider/fluentbit_fluent_io_v1alpha2/fluentbit_fluent_io_output_v1alpha2_manifest.go @@ -164,31 +164,13 @@ type FluentbitFluentIoOutputV1Alpha2ManifestData struct { Tls *bool `tfsdk:"tls" json:"tls,omitempty"` } `tfsdk:"datadog" json:"datadog,omitempty"` Es *struct { - AwsAuth *string `tfsdk:"aws_auth" json:"awsAuth,omitempty"` - AwsAuthSecret *struct { - ValueFrom *struct { - SecretKeyRef *struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Optional *bool `tfsdk:"optional" json:"optional,omitempty"` - } `tfsdk:"secret_key_ref" json:"secretKeyRef,omitempty"` - } `tfsdk:"value_from" json:"valueFrom,omitempty"` - } `tfsdk:"aws_auth_secret" json:"awsAuthSecret,omitempty"` - AwsExternalID *string `tfsdk:"aws_external_id" json:"awsExternalID,omitempty"` - AwsRegion *string `tfsdk:"aws_region" json:"awsRegion,omitempty"` - AwsRoleARN *string `tfsdk:"aws_role_arn" json:"awsRoleARN,omitempty"` - AwsSTSEndpoint *string `tfsdk:"aws_sts_endpoint" json:"awsSTSEndpoint,omitempty"` - BufferSize *string `tfsdk:"buffer_size" json:"bufferSize,omitempty"` - CloudAuth *string `tfsdk:"cloud_auth" json:"cloudAuth,omitempty"` - CloudAuthSecret *struct { - ValueFrom *struct { - SecretKeyRef *struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Optional *bool `tfsdk:"optional" json:"optional,omitempty"` - } `tfsdk:"secret_key_ref" json:"secretKeyRef,omitempty"` - } `tfsdk:"value_from" json:"valueFrom,omitempty"` - } `tfsdk:"cloud_auth_secret" json:"cloudAuthSecret,omitempty"` + AwsAuth *string `tfsdk:"aws_auth" json:"awsAuth,omitempty"` + AwsExternalID *string `tfsdk:"aws_external_id" json:"awsExternalID,omitempty"` + AwsRegion *string `tfsdk:"aws_region" json:"awsRegion,omitempty"` + AwsRoleARN *string `tfsdk:"aws_role_arn" json:"awsRoleARN,omitempty"` + AwsSTSEndpoint *string `tfsdk:"aws_sts_endpoint" json:"awsSTSEndpoint,omitempty"` + BufferSize *string `tfsdk:"buffer_size" json:"bufferSize,omitempty"` + CloudAuth *string `tfsdk:"cloud_auth" json:"cloudAuth,omitempty"` CloudID *string `tfsdk:"cloud_id" json:"cloudID,omitempty"` Compress *string `tfsdk:"compress" json:"compress,omitempty"` CurrentTimeIndex *bool `tfsdk:"current_time_index" json:"currentTimeIndex,omitempty"` @@ -1992,57 +1974,6 @@ func (r *FluentbitFluentIoOutputV1Alpha2Manifest) Schema(_ context.Context, _ da Computed: false, }, - "aws_auth_secret": schema.SingleNestedAttribute{ - Description: "AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.", - MarkdownDescription: "AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.", - Attributes: map[string]schema.Attribute{ - "value_from": schema.SingleNestedAttribute{ - Description: "ValueSource defines how to find a value's key.", - MarkdownDescription: "ValueSource defines how to find a value's key.", - Attributes: map[string]schema.Attribute{ - "secret_key_ref": schema.SingleNestedAttribute{ - Description: "Selects a key of a secret in the pod's namespace", - MarkdownDescription: "Selects a key of a secret in the pod's namespace", - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "The key of the secret to select from. Must be a valid secret key.", - MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", - Required: true, - Optional: false, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - Required: false, - Optional: true, - Computed: false, - }, - - "optional": schema.BoolAttribute{ - Description: "Specify whether the Secret or its key must be defined", - MarkdownDescription: "Specify whether the Secret or its key must be defined", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "aws_external_id": schema.StringAttribute{ Description: "External ID for the AWS IAM Role specified with aws_role_arn.", MarkdownDescription: "External ID for the AWS IAM Role specified with aws_role_arn.", @@ -2094,57 +2025,6 @@ func (r *FluentbitFluentIoOutputV1Alpha2Manifest) Schema(_ context.Context, _ da Computed: false, }, - "cloud_auth_secret": schema.SingleNestedAttribute{ - Description: "CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.", - MarkdownDescription: "CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.", - Attributes: map[string]schema.Attribute{ - "value_from": schema.SingleNestedAttribute{ - Description: "ValueSource defines how to find a value's key.", - MarkdownDescription: "ValueSource defines how to find a value's key.", - Attributes: map[string]schema.Attribute{ - "secret_key_ref": schema.SingleNestedAttribute{ - Description: "Selects a key of a secret in the pod's namespace", - MarkdownDescription: "Selects a key of a secret in the pod's namespace", - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "The key of the secret to select from. Must be a valid secret key.", - MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", - Required: true, - Optional: false, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - Required: false, - Optional: true, - Computed: false, - }, - - "optional": schema.BoolAttribute{ - Description: "Specify whether the Secret or its key must be defined", - MarkdownDescription: "Specify whether the Secret or its key must be defined", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "cloud_id": schema.StringAttribute{ Description: "If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.", MarkdownDescription: "If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.", diff --git a/internal/provider/forklift_konveyor_io_v1beta1/forklift_konveyor_io_plan_v1beta1_manifest.go b/internal/provider/forklift_konveyor_io_v1beta1/forklift_konveyor_io_plan_v1beta1_manifest.go index 643935691..1a9952b83 100644 --- a/internal/provider/forklift_konveyor_io_v1beta1/forklift_konveyor_io_plan_v1beta1_manifest.go +++ b/internal/provider/forklift_konveyor_io_v1beta1/forklift_konveyor_io_plan_v1beta1_manifest.go @@ -371,8 +371,8 @@ func (r *ForkliftKonveyorIoPlanV1Beta1Manifest) Schema(_ context.Context, _ data }, "preserve_static_i_ps": schema.BoolAttribute{ - Description: "Preserve static IPs of VMs in vSphere", - MarkdownDescription: "Preserve static IPs of VMs in vSphere", + Description: "Preserve static IPs of VMs in vSphere (Windows only)", + MarkdownDescription: "Preserve static IPs of VMs in vSphere (Windows only)", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_client_settings_policy_v1alpha1_manifest.go b/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_client_settings_policy_v1alpha1_manifest.go index e22955549..baee5943f 100644 --- a/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_client_settings_policy_v1alpha1_manifest.go +++ b/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_client_settings_policy_v1alpha1_manifest.go @@ -164,7 +164,7 @@ func (r *GatewayNginxOrgClientSettingsPolicyV1Alpha1Manifest) Schema(_ context.C Optional: true, Computed: false, Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^[0-9]{1,4}(ms|s|m|h)?$`), ""), + stringvalidator.RegexMatches(regexp.MustCompile(`^\d{1,4}(ms|s)?$`), ""), }, }, }, @@ -195,7 +195,7 @@ func (r *GatewayNginxOrgClientSettingsPolicyV1Alpha1Manifest) Schema(_ context.C Optional: true, Computed: false, Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^[0-9]{1,4}(ms|s|m|h)?$`), ""), + stringvalidator.RegexMatches(regexp.MustCompile(`^\d{1,4}(ms|s)?$`), ""), }, }, @@ -210,7 +210,7 @@ func (r *GatewayNginxOrgClientSettingsPolicyV1Alpha1Manifest) Schema(_ context.C Optional: true, Computed: false, Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^[0-9]{1,4}(ms|s|m|h)?$`), ""), + stringvalidator.RegexMatches(regexp.MustCompile(`^\d{1,4}(ms|s)?$`), ""), }, }, @@ -221,7 +221,7 @@ func (r *GatewayNginxOrgClientSettingsPolicyV1Alpha1Manifest) Schema(_ context.C Optional: true, Computed: false, Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^[0-9]{1,4}(ms|s|m|h)?$`), ""), + stringvalidator.RegexMatches(regexp.MustCompile(`^\d{1,4}(ms|s)?$`), ""), }, }, }, diff --git a/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.go b/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.go index d50e154ea..46fe88f53 100644 --- a/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.go +++ b/internal/provider/gateway_nginx_org_v1alpha1/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.go @@ -44,17 +44,9 @@ type GatewayNginxOrgNginxProxyV1Alpha1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - DisableHTTP2 *bool `tfsdk:"disable_http2" json:"disableHTTP2,omitempty"` - IpFamily *string `tfsdk:"ip_family" json:"ipFamily,omitempty"` - RewriteClientIP *struct { - Mode *string `tfsdk:"mode" json:"mode,omitempty"` - SetIPRecursively *bool `tfsdk:"set_ip_recursively" json:"setIPRecursively,omitempty"` - TrustedAddresses *[]struct { - Type *string `tfsdk:"type" json:"type,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"trusted_addresses" json:"trustedAddresses,omitempty"` - } `tfsdk:"rewrite_client_ip" json:"rewriteClientIP,omitempty"` - Telemetry *struct { + DisableHTTP2 *bool `tfsdk:"disable_http2" json:"disableHTTP2,omitempty"` + IpFamily *string `tfsdk:"ip_family" json:"ipFamily,omitempty"` + Telemetry *struct { Exporter *struct { BatchCount *int64 `tfsdk:"batch_count" json:"batchCount,omitempty"` BatchSize *int64 `tfsdk:"batch_size" json:"batchSize,omitempty"` @@ -154,64 +146,6 @@ func (r *GatewayNginxOrgNginxProxyV1Alpha1Manifest) Schema(_ context.Context, _ }, }, - "rewrite_client_ip": schema.SingleNestedAttribute{ - Description: "RewriteClientIP defines configuration for rewriting the client IP to the original client's IP.", - MarkdownDescription: "RewriteClientIP defines configuration for rewriting the client IP to the original client's IP.", - Attributes: map[string]schema.Attribute{ - "mode": schema.StringAttribute{ - Description: "Mode defines how NGINX will rewrite the client's IP address.There are two possible modes:- ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.- XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header", - MarkdownDescription: "Mode defines how NGINX will rewrite the client's IP address.There are two possible modes:- ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.- XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("ProxyProtocol", "XForwardedFor"), - }, - }, - - "set_ip_recursively": schema.BoolAttribute{ - Description: "SetIPRecursively configures whether recursive search is used when selecting the client's address fromthe X-Forwarded-For header. It is used in conjunction with TrustedAddresses.If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of arrayto start of array and select the first untrusted IP.For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],and TrustedAddresses is set to 55.55.55.1/32, NGINX will rewrite the client IP to 22.22.22.22.If disabled, NGINX will select the IP at the end of the array.In the previous example, 55.55.55.1 would be selected.Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive", - MarkdownDescription: "SetIPRecursively configures whether recursive search is used when selecting the client's address fromthe X-Forwarded-For header. It is used in conjunction with TrustedAddresses.If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of arrayto start of array and select the first untrusted IP.For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],and TrustedAddresses is set to 55.55.55.1/32, NGINX will rewrite the client IP to 22.22.22.22.If disabled, NGINX will select the IP at the end of the array.In the previous example, 55.55.55.1 would be selected.Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive", - Required: false, - Optional: true, - Computed: false, - }, - - "trusted_addresses": schema.ListNestedAttribute{ - Description: "TrustedAddresses specifies the addresses that are trusted to send correct client IP information.If a request comes from a trusted address, NGINX will rewrite the client IP information,and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.If the request does not come from a trusted address, NGINX will not rewrite the client IP information.TrustedAddresses only supports CIDR blocks: 192.33.21.1/24, fe80::1/64.To trust all addresses (not recommended for production), set to 0.0.0.0/0.If no addresses are provided, NGINX will not rewrite the client IP information.Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_fromThis field is required if mode is set.", - MarkdownDescription: "TrustedAddresses specifies the addresses that are trusted to send correct client IP information.If a request comes from a trusted address, NGINX will rewrite the client IP information,and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.If the request does not come from a trusted address, NGINX will not rewrite the client IP information.TrustedAddresses only supports CIDR blocks: 192.33.21.1/24, fe80::1/64.To trust all addresses (not recommended for production), set to 0.0.0.0/0.If no addresses are provided, NGINX will not rewrite the client IP information.Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_fromThis field is required if mode is set.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "type": schema.StringAttribute{ - Description: "Type specifies the type of address.Default is 'cidr' which specifies that the address is a CIDR block.", - MarkdownDescription: "Type specifies the type of address.Default is 'cidr' which specifies that the address is a CIDR block.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("cidr"), - }, - }, - - "value": schema.StringAttribute{ - Description: "Value specifies the address value.", - MarkdownDescription: "Value specifies the address value.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "telemetry": schema.SingleNestedAttribute{ Description: "Telemetry specifies the OpenTelemetry configuration.", MarkdownDescription: "Telemetry specifies the OpenTelemetry configuration.", @@ -260,7 +194,7 @@ func (r *GatewayNginxOrgNginxProxyV1Alpha1Manifest) Schema(_ context.Context, _ Optional: true, Computed: false, Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^[0-9]{1,4}(ms|s|m|h)?$`), ""), + stringvalidator.RegexMatches(regexp.MustCompile(`^\d{1,4}(ms|s)?$`), ""), }, }, }, diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_gateway_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_gateway_v1_manifest.go index c3a0f0b6a..a7123fada 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_gateway_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_gateway_v1_manifest.go @@ -598,11 +598,7 @@ type GatewaySoloIoGatewayV1ManifestData struct { Strict *bool `tfsdk:"strict" json:"strict,omitempty"` } `tfsdk:"stateful_session" json:"statefulSession,omitempty"` Tap *struct { - MaxBufferedRxBytes *int64 `tfsdk:"max_buffered_rx_bytes" json:"maxBufferedRxBytes,omitempty"` - MaxBufferedTxBytes *int64 `tfsdk:"max_buffered_tx_bytes" json:"maxBufferedTxBytes,omitempty"` - RecordDownstreamConnection *bool `tfsdk:"record_downstream_connection" json:"recordDownstreamConnection,omitempty"` - RecordHeadersReceivedTime *bool `tfsdk:"record_headers_received_time" json:"recordHeadersReceivedTime,omitempty"` - Sinks *[]struct { + Sinks *[]struct { GrpcService *struct { TapServer *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -1433,11 +1429,7 @@ type GatewaySoloIoGatewayV1ManifestData struct { Strict *bool `tfsdk:"strict" json:"strict,omitempty"` } `tfsdk:"stateful_session" json:"statefulSession,omitempty"` Tap *struct { - MaxBufferedRxBytes *int64 `tfsdk:"max_buffered_rx_bytes" json:"maxBufferedRxBytes,omitempty"` - MaxBufferedTxBytes *int64 `tfsdk:"max_buffered_tx_bytes" json:"maxBufferedTxBytes,omitempty"` - RecordDownstreamConnection *bool `tfsdk:"record_downstream_connection" json:"recordDownstreamConnection,omitempty"` - RecordHeadersReceivedTime *bool `tfsdk:"record_headers_received_time" json:"recordHeadersReceivedTime,omitempty"` - Sinks *[]struct { + Sinks *[]struct { GrpcService *struct { TapServer *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -7756,46 +7748,6 @@ func (r *GatewaySoloIoGatewayV1Manifest) Schema(_ context.Context, _ datasource. Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "max_buffered_rx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "max_buffered_tx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "record_downstream_connection": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "record_headers_received_time": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - "sinks": schema.ListNestedAttribute{ Description: "", MarkdownDescription: "", @@ -13469,46 +13421,6 @@ func (r *GatewaySoloIoGatewayV1Manifest) Schema(_ context.Context, _ datasource. Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "max_buffered_rx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "max_buffered_tx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "record_downstream_connection": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "record_headers_received_time": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - "sinks": schema.ListNestedAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_matchable_http_gateway_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_matchable_http_gateway_v1_manifest.go index cd5984c66..21a1be22e 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_matchable_http_gateway_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_matchable_http_gateway_v1_manifest.go @@ -596,11 +596,7 @@ type GatewaySoloIoMatchableHttpGatewayV1ManifestData struct { Strict *bool `tfsdk:"strict" json:"strict,omitempty"` } `tfsdk:"stateful_session" json:"statefulSession,omitempty"` Tap *struct { - MaxBufferedRxBytes *int64 `tfsdk:"max_buffered_rx_bytes" json:"maxBufferedRxBytes,omitempty"` - MaxBufferedTxBytes *int64 `tfsdk:"max_buffered_tx_bytes" json:"maxBufferedTxBytes,omitempty"` - RecordDownstreamConnection *bool `tfsdk:"record_downstream_connection" json:"recordDownstreamConnection,omitempty"` - RecordHeadersReceivedTime *bool `tfsdk:"record_headers_received_time" json:"recordHeadersReceivedTime,omitempty"` - Sinks *[]struct { + Sinks *[]struct { GrpcService *struct { TapServer *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -4578,46 +4574,6 @@ func (r *GatewaySoloIoMatchableHttpGatewayV1Manifest) Schema(_ context.Context, Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "max_buffered_rx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "max_buffered_tx_bytes": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.Int64{ - int64validator.AtLeast(0), - int64validator.AtMost(4.294967295e+09), - }, - }, - - "record_downstream_connection": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "record_headers_received_time": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - "sinks": schema.ListNestedAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_option_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_option_v1_manifest.go index ab8272d31..3981a0ee6 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_option_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_option_v1_manifest.go @@ -83,18 +83,6 @@ type GatewaySoloIoRouteOptionV1ManifestData struct { } `tfsdk:"postgres" json:"postgres,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -115,18 +103,6 @@ type GatewaySoloIoRouteOptionV1ManifestData struct { } `tfsdk:"redis" json:"redis,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -350,7 +326,6 @@ type GatewaySoloIoRouteOptionV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"after_ext_auth" json:"afterExtAuth,omitempty"` BeforeExtAuth *struct { AllowMissingOrFailedJwt *bool `tfsdk:"allow_missing_or_failed_jwt" json:"allowMissingOrFailedJwt,omitempty"` @@ -388,7 +363,6 @@ type GatewaySoloIoRouteOptionV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"before_ext_auth" json:"beforeExtAuth,omitempty"` } `tfsdk:"jwt_providers_staged" json:"jwtProvidersStaged,omitempty"` JwtStaged *struct { @@ -1882,81 +1856,6 @@ func (r *GatewaySoloIoRouteOptionV1Manifest) Schema(_ context.Context, _ datasou Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -2068,81 +1967,6 @@ func (r *GatewaySoloIoRouteOptionV1Manifest) Schema(_ context.Context, _ datasou Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -3597,14 +3421,6 @@ func (r *GatewaySoloIoRouteOptionV1Manifest) Schema(_ context.Context, _ datasou Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -3841,14 +3657,6 @@ func (r *GatewaySoloIoRouteOptionV1Manifest) Schema(_ context.Context, _ datasou Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_table_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_table_v1_manifest.go index a6cd20a86..10fdfd1d5 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_table_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_route_table_v1_manifest.go @@ -131,18 +131,6 @@ type GatewaySoloIoRouteTableV1ManifestData struct { } `tfsdk:"postgres" json:"postgres,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -163,18 +151,6 @@ type GatewaySoloIoRouteTableV1ManifestData struct { } `tfsdk:"redis" json:"redis,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -398,7 +374,6 @@ type GatewaySoloIoRouteTableV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"after_ext_auth" json:"afterExtAuth,omitempty"` BeforeExtAuth *struct { AllowMissingOrFailedJwt *bool `tfsdk:"allow_missing_or_failed_jwt" json:"allowMissingOrFailedJwt,omitempty"` @@ -436,7 +411,6 @@ type GatewaySoloIoRouteTableV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"before_ext_auth" json:"beforeExtAuth,omitempty"` } `tfsdk:"jwt_providers_staged" json:"jwtProvidersStaged,omitempty"` JwtStaged *struct { @@ -3288,81 +3262,6 @@ func (r *GatewaySoloIoRouteTableV1Manifest) Schema(_ context.Context, _ datasour Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -3474,81 +3373,6 @@ func (r *GatewaySoloIoRouteTableV1Manifest) Schema(_ context.Context, _ datasour Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -5003,14 +4827,6 @@ func (r *GatewaySoloIoRouteTableV1Manifest) Schema(_ context.Context, _ datasour Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -5247,14 +5063,6 @@ func (r *GatewaySoloIoRouteTableV1Manifest) Schema(_ context.Context, _ datasour Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_host_option_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_host_option_v1_manifest.go index 346385bb6..63a455f20 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_host_option_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_host_option_v1_manifest.go @@ -233,7 +233,6 @@ type GatewaySoloIoVirtualHostOptionV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"jwt" json:"jwt,omitempty"` JwtStaged *struct { AfterExtAuth *struct { @@ -272,7 +271,6 @@ type GatewaySoloIoVirtualHostOptionV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"after_ext_auth" json:"afterExtAuth,omitempty"` BeforeExtAuth *struct { AllowMissingOrFailedJwt *bool `tfsdk:"allow_missing_or_failed_jwt" json:"allowMissingOrFailedJwt,omitempty"` @@ -310,7 +308,6 @@ type GatewaySoloIoVirtualHostOptionV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"before_ext_auth" json:"beforeExtAuth,omitempty"` } `tfsdk:"jwt_staged" json:"jwtStaged,omitempty"` RateLimitConfigs *struct { @@ -2746,14 +2743,6 @@ func (r *GatewaySoloIoVirtualHostOptionV1Manifest) Schema(_ context.Context, _ d Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -2994,14 +2983,6 @@ func (r *GatewaySoloIoVirtualHostOptionV1Manifest) Schema(_ context.Context, _ d Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -3238,14 +3219,6 @@ func (r *GatewaySoloIoVirtualHostOptionV1Manifest) Schema(_ context.Context, _ d Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_service_v1_manifest.go b/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_service_v1_manifest.go index 832fcef81..d42658f2b 100644 --- a/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_service_v1_manifest.go +++ b/internal/provider/gateway_solo_io_v1/gateway_solo_io_virtual_service_v1_manifest.go @@ -273,7 +273,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"jwt" json:"jwt,omitempty"` JwtStaged *struct { AfterExtAuth *struct { @@ -312,7 +311,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"after_ext_auth" json:"afterExtAuth,omitempty"` BeforeExtAuth *struct { AllowMissingOrFailedJwt *bool `tfsdk:"allow_missing_or_failed_jwt" json:"allowMissingOrFailedJwt,omitempty"` @@ -350,7 +348,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"before_ext_auth" json:"beforeExtAuth,omitempty"` } `tfsdk:"jwt_staged" json:"jwtStaged,omitempty"` RateLimitConfigs *struct { @@ -1554,18 +1551,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { } `tfsdk:"postgres" json:"postgres,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -1586,18 +1571,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { } `tfsdk:"redis" json:"redis,omitempty"` } `tfsdk:"datastore" json:"datastore,omitempty"` Embedding *struct { - AzureOpenai *struct { - ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - DeploymentName *string `tfsdk:"deployment_name" json:"deploymentName,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Openai *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -1821,7 +1794,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"after_ext_auth" json:"afterExtAuth,omitempty"` BeforeExtAuth *struct { AllowMissingOrFailedJwt *bool `tfsdk:"allow_missing_or_failed_jwt" json:"allowMissingOrFailedJwt,omitempty"` @@ -1859,7 +1831,6 @@ type GatewaySoloIoVirtualServiceV1ManifestData struct { QueryParams *[]string `tfsdk:"query_params" json:"queryParams,omitempty"` } `tfsdk:"token_source" json:"tokenSource,omitempty"` } `tfsdk:"providers" json:"providers,omitempty"` - ValidationPolicy *string `tfsdk:"validation_policy" json:"validationPolicy,omitempty"` } `tfsdk:"before_ext_auth" json:"beforeExtAuth,omitempty"` } `tfsdk:"jwt_providers_staged" json:"jwtProvidersStaged,omitempty"` JwtStaged *struct { @@ -5646,14 +5617,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -5894,14 +5857,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -6138,14 +6093,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -13986,81 +13933,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -14172,81 +14044,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Description: "", MarkdownDescription: "", Attributes: map[string]schema.Attribute{ - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "api_version": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "deployment_name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "openai": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", @@ -15701,14 +15498,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -15945,14 +15734,6 @@ func (r *GatewaySoloIoVirtualServiceV1Manifest) Schema(_ context.Context, _ data Optional: true, Computed: false, }, - - "validation_policy": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/gloo_solo_io_v1/gloo_solo_io_upstream_v1_manifest.go b/internal/provider/gloo_solo_io_v1/gloo_solo_io_upstream_v1_manifest.go index 56c0efbc2..dab6db3ce 100644 --- a/internal/provider/gloo_solo_io_v1/gloo_solo_io_upstream_v1_manifest.go +++ b/internal/provider/gloo_solo_io_v1/gloo_solo_io_upstream_v1_manifest.go @@ -59,16 +59,6 @@ type GlooSoloIoUpstreamV1ManifestData struct { } `tfsdk:"custom_host" json:"customHost,omitempty"` Version *string `tfsdk:"version" json:"version,omitempty"` } `tfsdk:"anthropic" json:"anthropic,omitempty"` - AzureOpenai *struct { - AuthToken *struct { - Inline *string `tfsdk:"inline" json:"inline,omitempty"` - SecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"secret_ref" json:"secretRef,omitempty"` - } `tfsdk:"auth_token" json:"authToken,omitempty"` - Endpoint *string `tfsdk:"endpoint" json:"endpoint,omitempty"` - } `tfsdk:"azure_openai" json:"azureOpenai,omitempty"` Mistral *struct { AuthToken *struct { Inline *string `tfsdk:"inline" json:"inline,omitempty"` @@ -1043,65 +1033,6 @@ func (r *GlooSoloIoUpstreamV1Manifest) Schema(_ context.Context, _ datasource.Sc Computed: false, }, - "azure_openai": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "auth_token": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "inline": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "secret_ref": schema.SingleNestedAttribute{ - Description: "", - MarkdownDescription: "", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "endpoint": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "mistral": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/hive_openshift_io_v1/hive_openshift_io_machine_pool_v1_manifest.go b/internal/provider/hive_openshift_io_v1/hive_openshift_io_machine_pool_v1_manifest.go index 1a75ec8f6..2e6423e87 100644 --- a/internal/provider/hive_openshift_io_v1/hive_openshift_io_machine_pool_v1_manifest.go +++ b/internal/provider/hive_openshift_io_v1/hive_openshift_io_machine_pool_v1_manifest.go @@ -92,10 +92,9 @@ type HiveOpenshiftIoMachinePoolV1ManifestData struct { Sku *string `tfsdk:"sku" json:"sku,omitempty"` Version *string `tfsdk:"version" json:"version,omitempty"` } `tfsdk:"os_image" json:"osImage,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` - VirtualNetwork *string `tfsdk:"virtual_network" json:"virtualNetwork,omitempty"` - VmNetworkingType *string `tfsdk:"vm_networking_type" json:"vmNetworkingType,omitempty"` - Zones *[]string `tfsdk:"zones" json:"zones,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + VirtualNetwork *string `tfsdk:"virtual_network" json:"virtualNetwork,omitempty"` + Zones *[]string `tfsdk:"zones" json:"zones,omitempty"` } `tfsdk:"azure" json:"azure,omitempty"` Gcp *struct { NetworkProjectID *string `tfsdk:"network_project_id" json:"networkProjectID,omitempty"` @@ -584,17 +583,6 @@ func (r *HiveOpenshiftIoMachinePoolV1Manifest) Schema(_ context.Context, _ datas Computed: false, }, - "vm_networking_type": schema.StringAttribute{ - Description: "VMNetworkingType specifies whether to enable accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. eg. values: 'Accelerated', 'Basic'", - MarkdownDescription: "VMNetworkingType specifies whether to enable accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. eg. values: 'Accelerated', 'Basic'", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Accelerated", "Basic"), - }, - }, - "zones": schema.ListAttribute{ Description: "Zones is list of availability zones that can be used. eg. ['1', '2', '3']", MarkdownDescription: "Zones is list of availability zones that can be used. eg. ['1', '2', '3']", diff --git a/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.go b/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.go index 353b16985..09a88d7ac 100644 --- a/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.go +++ b/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.go @@ -199,16 +199,16 @@ func (r *ImageToolkitFluxcdIoImageRepositoryV1Beta1Manifest) Schema(_ context.Co "image": schema.StringAttribute{ Description: "Image is the name of the image repository", MarkdownDescription: "Image is the name of the image repository", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, "interval": schema.StringAttribute{ Description: "Interval is the length of time to wait betweenscans of the image repository.", MarkdownDescription: "Interval is the length of time to wait betweenscans of the image repository.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), diff --git a/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.go b/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.go index 394496664..34cdcd776 100644 --- a/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.go +++ b/internal/provider/image_toolkit_fluxcd_io_v1beta1/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.go @@ -279,8 +279,8 @@ func (r *ImageToolkitFluxcdIoImageUpdateAutomationV1Beta1Manifest) Schema(_ cont Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, diff --git a/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.go b/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.go index c7373bc50..66cc92155 100644 --- a/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.go +++ b/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.go @@ -52,15 +52,12 @@ type ImageToolkitFluxcdIoImageRepositoryV1Beta2ManifestData struct { CertSecretRef *struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"cert_secret_ref" json:"certSecretRef,omitempty"` - ExclusionList *[]string `tfsdk:"exclusion_list" json:"exclusionList,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - Insecure *bool `tfsdk:"insecure" json:"insecure,omitempty"` - Interval *string `tfsdk:"interval" json:"interval,omitempty"` - Provider *string `tfsdk:"provider" json:"provider,omitempty"` - ProxySecretRef *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"proxy_secret_ref" json:"proxySecretRef,omitempty"` - SecretRef *struct { + ExclusionList *[]string `tfsdk:"exclusion_list" json:"exclusionList,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + Insecure *bool `tfsdk:"insecure" json:"insecure,omitempty"` + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + Provider *string `tfsdk:"provider" json:"provider,omitempty"` + SecretRef *struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"secret_ref" json:"secretRef,omitempty"` ServiceAccountName *string `tfsdk:"service_account_name" json:"serviceAccountName,omitempty"` @@ -204,8 +201,8 @@ func (r *ImageToolkitFluxcdIoImageRepositoryV1Beta2Manifest) Schema(_ context.Co "image": schema.StringAttribute{ Description: "Image is the name of the image repository", MarkdownDescription: "Image is the name of the image repository", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -220,8 +217,8 @@ func (r *ImageToolkitFluxcdIoImageRepositoryV1Beta2Manifest) Schema(_ context.Co "interval": schema.StringAttribute{ Description: "Interval is the length of time to wait betweenscans of the image repository.", MarkdownDescription: "Interval is the length of time to wait betweenscans of the image repository.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), @@ -239,23 +236,6 @@ func (r *ImageToolkitFluxcdIoImageRepositoryV1Beta2Manifest) Schema(_ context.Co }, }, - "proxy_secret_ref": schema.SingleNestedAttribute{ - Description: "ProxySecretRef specifies the Secret containing the proxy configurationto use while communicating with the container registry.", - MarkdownDescription: "ProxySecretRef specifies the Secret containing the proxy configurationto use while communicating with the container registry.", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name of the referent.", - MarkdownDescription: "Name of the referent.", - Required: true, - Optional: false, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "secret_ref": schema.SingleNestedAttribute{ Description: "SecretRef can be given the name of a secret containingcredentials to use for the image registry. The secret should becreated with 'kubectl create secret docker-registry', or theequivalent.", MarkdownDescription: "SecretRef can be given the name of a secret containingcredentials to use for the image registry. The secret should becreated with 'kubectl create secret docker-registry', or theequivalent.", diff --git a/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.go b/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.go index 10cb0f3cd..a87aeb045 100644 --- a/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.go +++ b/internal/provider/image_toolkit_fluxcd_io_v1beta2/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.go @@ -287,8 +287,8 @@ func (r *ImageToolkitFluxcdIoImageUpdateAutomationV1Beta2Manifest) Schema(_ cont Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, diff --git a/internal/provider/k8s_mariadb_com_v1alpha1/k8s_mariadb_com_maria_db_v1alpha1_manifest.go b/internal/provider/k8s_mariadb_com_v1alpha1/k8s_mariadb_com_maria_db_v1alpha1_manifest.go index 6a78e20c4..dbc7ea032 100644 --- a/internal/provider/k8s_mariadb_com_v1alpha1/k8s_mariadb_com_maria_db_v1alpha1_manifest.go +++ b/internal/provider/k8s_mariadb_com_v1alpha1/k8s_mariadb_com_maria_db_v1alpha1_manifest.go @@ -1235,8 +1235,7 @@ type K8SMariadbComMariaDbV1Alpha1ManifestData struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` } `tfsdk:"metadata" json:"metadata,omitempty"` - PodAffinity *bool `tfsdk:"pod_affinity" json:"podAffinity,omitempty"` - Resources *struct { + Resources *struct { Claims *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Request *string `tfsdk:"request" json:"request,omitempty"` @@ -12417,14 +12416,6 @@ func (r *K8SMariadbComMariaDbV1Alpha1Manifest) Schema(_ context.Context, _ datas Computed: false, }, - "pod_affinity": schema.BoolAttribute{ - Description: "PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.", - MarkdownDescription: "PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.", - Required: false, - Optional: true, - Computed: false, - }, - "resources": schema.SingleNestedAttribute{ Description: "Resouces describes the compute resource requirements.", MarkdownDescription: "Resouces describes the compute resource requirements.", diff --git a/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_workload_v1beta1_manifest.go b/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_workload_v1beta1_manifest.go index 73af6d14c..dc3a131fa 100644 --- a/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_workload_v1beta1_manifest.go +++ b/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_workload_v1beta1_manifest.go @@ -351,8 +351,7 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { } `tfsdk:"resize_policy" json:"resizePolicy,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -609,8 +608,7 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { } `tfsdk:"resize_policy" json:"resizePolicy,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -870,8 +868,7 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { } `tfsdk:"resize_policy" json:"resizePolicy,omitempty"` Resources *struct { Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Request *string `tfsdk:"request" json:"request,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` @@ -972,9 +969,11 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { ConditionType *string `tfsdk:"condition_type" json:"conditionType,omitempty"` } `tfsdk:"readiness_gates" json:"readinessGates,omitempty"` ResourceClaims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - ResourceClaimName *string `tfsdk:"resource_claim_name" json:"resourceClaimName,omitempty"` - ResourceClaimTemplateName *string `tfsdk:"resource_claim_template_name" json:"resourceClaimTemplateName,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Source *struct { + ResourceClaimName *string `tfsdk:"resource_claim_name" json:"resourceClaimName,omitempty"` + ResourceClaimTemplateName *string `tfsdk:"resource_claim_template_name" json:"resourceClaimTemplateName,omitempty"` + } `tfsdk:"source" json:"source,omitempty"` } `tfsdk:"resource_claims" json:"resourceClaims,omitempty"` RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` RuntimeClassName *string `tfsdk:"runtime_class_name" json:"runtimeClassName,omitempty"` @@ -1002,9 +1001,8 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"seccomp_profile" json:"seccompProfile,omitempty"` - SupplementalGroups *[]string `tfsdk:"supplemental_groups" json:"supplementalGroups,omitempty"` - SupplementalGroupsPolicy *string `tfsdk:"supplemental_groups_policy" json:"supplementalGroupsPolicy,omitempty"` - Sysctls *[]struct { + SupplementalGroups *[]string `tfsdk:"supplemental_groups" json:"supplementalGroups,omitempty"` + Sysctls *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Value *string `tfsdk:"value" json:"value,omitempty"` } `tfsdk:"sysctls" json:"sysctls,omitempty"` @@ -1203,10 +1201,6 @@ type KueueXK8SIoWorkloadV1Beta1ManifestData struct { Path *string `tfsdk:"path" json:"path,omitempty"` Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"host_path" json:"hostPath,omitempty"` - Image *struct { - PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"` - Reference *string `tfsdk:"reference" json:"reference,omitempty"` - } `tfsdk:"image" json:"image,omitempty"` Iscsi *struct { ChapAuthDiscovery *bool `tfsdk:"chap_auth_discovery" json:"chapAuthDiscovery,omitempty"` ChapAuthSession *bool `tfsdk:"chap_auth_session" json:"chapAuthSession,omitempty"` @@ -1833,8 +1827,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -1842,8 +1836,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2000,8 +1994,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2009,8 +2003,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2167,8 +2161,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2176,8 +2170,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2334,8 +2328,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2343,8 +2337,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2507,8 +2501,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -2598,8 +2592,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -2639,8 +2633,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -2672,8 +2666,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -3485,14 +3479,6 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -3604,8 +3590,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, @@ -4227,8 +4213,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -4318,8 +4304,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -4359,8 +4345,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -4392,8 +4378,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -5205,14 +5191,6 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -5324,8 +5302,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, @@ -5898,8 +5876,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -5972,8 +5950,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -6063,8 +6041,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -6104,8 +6082,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The ConfigMap to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -6137,8 +6115,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "The Secret to select from", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -6950,14 +6928,6 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou Optional: false, Computed: false, }, - - "request": schema.StringAttribute{ - Description: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - MarkdownDescription: "Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request.", - Required: false, - Optional: true, - Computed: false, - }, }, }, Required: false, @@ -7069,8 +7039,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "proc_mount": schema.StringAttribute{ - Description: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + Description: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows.", Required: false, Optional: true, Computed: false, @@ -7562,8 +7532,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "node_name": schema.StringAttribute{ - Description: "NodeName indicates in which node this pod is scheduled.If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.This field should not be used to express a desire for the pod to be scheduled on a specific node.https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - MarkdownDescription: "NodeName indicates in which node this pod is scheduled.If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.This field should not be used to express a desire for the pod to be scheduled on a specific node.https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", + Description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements.", + MarkdownDescription: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements.", Required: false, Optional: true, Computed: false, @@ -7579,8 +7549,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.securityContext.supplementalGroupsPolicy- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.securityContext.supplementalGroupsPolicy- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -7660,20 +7630,29 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, - "resource_claim_name": schema.StringAttribute{ - Description: "ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set.", - MarkdownDescription: "ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set.", - Required: false, - Optional: true, - Computed: false, - }, + "source": schema.SingleNestedAttribute{ + Description: "Source describes where to find the ResourceClaim.", + MarkdownDescription: "Source describes where to find the ResourceClaim.", + Attributes: map[string]schema.Attribute{ + "resource_claim_name": schema.StringAttribute{ + Description: "ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod.", + MarkdownDescription: "ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod.", + Required: false, + Optional: true, + Computed: false, + }, - "resource_claim_template_name": schema.StringAttribute{ - Description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set.", - MarkdownDescription: "ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set.", - Required: false, - Optional: true, - Computed: false, + "resource_claim_template_name": schema.StringAttribute{ + Description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim.", + MarkdownDescription: "ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, }, }, }, @@ -7861,22 +7840,14 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "supplemental_groups": schema.ListAttribute{ - Description: "A list of groups applied to the first process run in each container, inaddition to the container's primary GID and fsGroup (if specified). Ifthe SupplementalGroupsPolicy feature is enabled, thesupplementalGroupsPolicy field determines whether these are in additionto or instead of any group memberships defined in the container image.If unspecified, no additional groups are added, though group membershipsdefined in the container image may still be used, depending on thesupplementalGroupsPolicy field.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A list of groups applied to the first process run in each container, inaddition to the container's primary GID and fsGroup (if specified). Ifthe SupplementalGroupsPolicy feature is enabled, thesupplementalGroupsPolicy field determines whether these are in additionto or instead of any group memberships defined in the container image.If unspecified, no additional groups are added, though group membershipsdefined in the container image may still be used, depending on thesupplementalGroupsPolicy field.Note that this field cannot be set when spec.os.name is windows.", + Description: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows.", ElementType: types.StringType, Required: false, Optional: true, Computed: false, }, - "supplemental_groups_policy": schema.StringAttribute{ - Description: "Defines how supplemental groups of the first container processes are calculated.Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used.(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabledand the container runtime must implement support for this feature.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "Defines how supplemental groups of the first container processes are calculated.Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used.(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabledand the container runtime must implement support for this feature.Note that this field cannot be set when spec.os.name is windows.", - Required: false, - Optional: true, - Computed: false, - }, - "sysctls": schema.ListNestedAttribute{ Description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows.", @@ -8181,8 +8152,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "awsElasticBlockStore represents an AWS Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", Attributes: map[string]schema.Attribute{ "fs_type": schema.StringAttribute{ - Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreTODO: how do we prevent errors in the filesystem from compromising the machine", + MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreTODO: how do we prevent errors in the filesystem from compromising the machine", Required: false, Optional: true, Computed: false, @@ -8349,8 +8320,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -8399,8 +8370,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef is optional: points to a secret object containing parameters used to connectto OpenStack.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -8472,8 +8443,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -8517,8 +8488,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "nodePublishSecretRef is a reference to the secret object containingsensitive information to pass to the CSI driver to complete the CSINodePublishVolume and NodeUnpublishVolume calls.This field is optional, and may be empty if no secret is required. If thesecret object contains more than one secret, all secret references are passed.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -8915,8 +8886,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -8958,8 +8929,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", Attributes: map[string]schema.Attribute{ "fs_type": schema.StringAttribute{ - Description: "fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.", - MarkdownDescription: "fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.", + Description: "fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.TODO: how do we prevent errors in the filesystem from compromising the machine", + MarkdownDescription: "fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.TODO: how do we prevent errors in the filesystem from compromising the machine", Required: false, Optional: true, Computed: false, @@ -9046,8 +9017,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef is Optional: secretRef is reference to the secret object containingsensitive information to pass to the plugin scripts. This may beempty if no secret object is specified. If the secret objectcontains more than one secret, all secrets are passed to the pluginscripts.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -9093,8 +9064,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "gcePersistentDisk represents a GCE Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", Attributes: map[string]schema.Attribute{ "fs_type": schema.StringAttribute{ - Description: "fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - MarkdownDescription: "fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + Description: "fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskTODO: how do we prevent errors in the filesystem from compromising the machine", + MarkdownDescription: "fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskTODO: how do we prevent errors in the filesystem from compromising the machine", Required: false, Optional: true, Computed: false, @@ -9196,8 +9167,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "host_path": schema.SingleNestedAttribute{ - Description: "hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - MarkdownDescription: "hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + Description: "hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath---TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can notmount host directories as read/write.", + MarkdownDescription: "hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath---TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can notmount host directories as read/write.", Attributes: map[string]schema.Attribute{ "path": schema.StringAttribute{ Description: "path of the directory on the host.If the path is a symlink, it will follow the link to the real path.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", @@ -9220,31 +9191,6 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, - "image": schema.SingleNestedAttribute{ - Description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.The volume is resolved at pod startup depending on which PullPolicy value is provided:- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.The volume will be mounted read-only (ro) and non-executable files (noexec).Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - MarkdownDescription: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.The volume is resolved at pod startup depending on which PullPolicy value is provided:- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.The volume will be mounted read-only (ro) and non-executable files (noexec).Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - Attributes: map[string]schema.Attribute{ - "pull_policy": schema.StringAttribute{ - Description: "Policy for pulling OCI objects. Possible values are:Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - MarkdownDescription: "Policy for pulling OCI objects. Possible values are:Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - Required: false, - Optional: true, - Computed: false, - }, - - "reference": schema.StringAttribute{ - Description: "Required: Image or artifact reference to be used.Behaves in the same way as pod.spec.containers[*].image.Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - MarkdownDescription: "Required: Image or artifact reference to be used.Behaves in the same way as pod.spec.containers[*].image.Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "iscsi": schema.SingleNestedAttribute{ Description: "iscsi represents an ISCSI Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://examples.k8s.io/volumes/iscsi/README.md", MarkdownDescription: "iscsi represents an ISCSI Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://examples.k8s.io/volumes/iscsi/README.md", @@ -9266,8 +9212,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "fs_type": schema.StringAttribute{ - Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsiTODO: how do we prevent errors in the filesystem from compromising the machine", + MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsiTODO: how do we prevent errors in the filesystem from compromising the machine", Required: false, Optional: true, Computed: false, @@ -9327,8 +9273,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef is the CHAP Secret for iSCSI target and initiator authentication", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -9489,8 +9435,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "sources": schema.ListNestedAttribute{ - Description: "sources is the list of volume projections. Each entry in this listhandles one source.", - MarkdownDescription: "sources is the list of volume projections. Each entry in this listhandles one source.", + Description: "sources is the list of volume projections", + MarkdownDescription: "sources is the list of volume projections", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "cluster_trust_bundle": schema.SingleNestedAttribute{ @@ -9628,8 +9574,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -9782,8 +9728,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou }, "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -9908,8 +9854,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.More info: https://examples.k8s.io/volumes/rbd/README.md", Attributes: map[string]schema.Attribute{ "fs_type": schema.StringAttribute{ - Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + Description: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbdTODO: how do we prevent errors in the filesystem from compromising the machine", + MarkdownDescription: "fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbdTODO: how do we prevent errors in the filesystem from compromising the machine", Required: false, Optional: true, Computed: false, @@ -9961,8 +9907,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef is name of the authentication secret for RBDUser. If providedoverrides keyring.Default is nil.More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -10027,8 +9973,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef references to the secret for ScaleIO user and othersensitive information. If this is not provided, Login operation will fail.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, @@ -10177,8 +10123,8 @@ func (r *KueueXK8SIoWorkloadV1Beta1Manifest) Schema(_ context.Context, _ datasou MarkdownDescription: "secretRef specifies the secret to use for obtaining the StorageOS APIcredentials. If not specified, default values will be attempted.", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/kyverno_io_v1/kyverno_io_cluster_policy_v1_manifest.go b/internal/provider/kyverno_io_v1/kyverno_io_cluster_policy_v1_manifest.go index 420fb049c..23dc4dc44 100644 --- a/internal/provider/kyverno_io_v1/kyverno_io_cluster_policy_v1_manifest.go +++ b/internal/provider/kyverno_io_v1/kyverno_io_cluster_policy_v1_manifest.go @@ -68,11 +68,7 @@ type KyvernoIoClusterPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -250,11 +246,7 @@ type KyvernoIoClusterPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -427,11 +419,7 @@ type KyvernoIoClusterPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -495,11 +483,7 @@ type KyvernoIoClusterPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -604,11 +588,7 @@ type KyvernoIoClusterPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -1151,8 +1131,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -1190,33 +1170,6 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -2408,8 +2361,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -2447,33 +2400,6 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3608,8 +3534,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -3660,8 +3586,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3699,33 +3625,6 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4143,8 +4042,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4182,33 +4081,6 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4897,8 +4769,8 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4936,33 +4808,6 @@ func (r *KyvernoIoClusterPolicyV1Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", diff --git a/internal/provider/kyverno_io_v1/kyverno_io_policy_v1_manifest.go b/internal/provider/kyverno_io_v1/kyverno_io_policy_v1_manifest.go index 037154082..3a3a3250c 100644 --- a/internal/provider/kyverno_io_v1/kyverno_io_policy_v1_manifest.go +++ b/internal/provider/kyverno_io_v1/kyverno_io_policy_v1_manifest.go @@ -68,11 +68,7 @@ type KyvernoIoPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -250,11 +246,7 @@ type KyvernoIoPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -427,11 +419,7 @@ type KyvernoIoPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -495,11 +483,7 @@ type KyvernoIoPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -604,11 +588,7 @@ type KyvernoIoPolicyV1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -1163,8 +1143,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -1202,33 +1182,6 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -2420,8 +2373,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -2459,33 +2412,6 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3620,8 +3546,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -3672,8 +3598,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3711,33 +3637,6 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4155,8 +4054,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4194,33 +4093,6 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4909,8 +4781,8 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4948,33 +4820,6 @@ func (r *KyvernoIoPolicyV1Manifest) Schema(_ context.Context, _ datasource.Schem Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", diff --git a/internal/provider/kyverno_io_v2/kyverno_io_cleanup_policy_v2_manifest.go b/internal/provider/kyverno_io_v2/kyverno_io_cleanup_policy_v2_manifest.go index ec9708ca7..90d95ba01 100644 --- a/internal/provider/kyverno_io_v2/kyverno_io_cleanup_policy_v2_manifest.go +++ b/internal/provider/kyverno_io_v2/kyverno_io_cleanup_policy_v2_manifest.go @@ -68,11 +68,7 @@ type KyvernoIoCleanupPolicyV2ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -464,8 +460,8 @@ func (r *KyvernoIoCleanupPolicyV2Manifest) Schema(_ context.Context, _ datasourc }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -503,33 +499,6 @@ func (r *KyvernoIoCleanupPolicyV2Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -1696,8 +1665,8 @@ func (r *KyvernoIoCleanupPolicyV2Manifest) Schema(_ context.Context, _ datasourc Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/kyverno_io_v2/kyverno_io_cluster_cleanup_policy_v2_manifest.go b/internal/provider/kyverno_io_v2/kyverno_io_cluster_cleanup_policy_v2_manifest.go index 6c5328659..ad3158183 100644 --- a/internal/provider/kyverno_io_v2/kyverno_io_cluster_cleanup_policy_v2_manifest.go +++ b/internal/provider/kyverno_io_v2/kyverno_io_cluster_cleanup_policy_v2_manifest.go @@ -67,11 +67,7 @@ type KyvernoIoClusterCleanupPolicyV2ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -451,8 +447,8 @@ func (r *KyvernoIoClusterCleanupPolicyV2Manifest) Schema(_ context.Context, _ da }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -490,33 +486,6 @@ func (r *KyvernoIoClusterCleanupPolicyV2Manifest) Schema(_ context.Context, _ da Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -1683,8 +1652,8 @@ func (r *KyvernoIoClusterCleanupPolicyV2Manifest) Schema(_ context.Context, _ da Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/kyverno_io_v2alpha1/kyverno_io_global_context_entry_v2alpha1_manifest.go b/internal/provider/kyverno_io_v2alpha1/kyverno_io_global_context_entry_v2alpha1_manifest.go index cf366ce42..e6907a833 100644 --- a/internal/provider/kyverno_io_v2alpha1/kyverno_io_global_context_entry_v2alpha1_manifest.go +++ b/internal/provider/kyverno_io_v2alpha1/kyverno_io_global_context_entry_v2alpha1_manifest.go @@ -53,11 +53,7 @@ type KyvernoIoGlobalContextEntryV2Alpha1ManifestData struct { RetryLimit *int64 `tfsdk:"retry_limit" json:"retryLimit,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -209,33 +205,6 @@ func (r *KyvernoIoGlobalContextEntryV2Alpha1Manifest) Schema(_ context.Context, Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", diff --git a/internal/provider/kyverno_io_v2beta1/kyverno_io_cleanup_policy_v2beta1_manifest.go b/internal/provider/kyverno_io_v2beta1/kyverno_io_cleanup_policy_v2beta1_manifest.go index 96b1768b7..87cdfb67a 100644 --- a/internal/provider/kyverno_io_v2beta1/kyverno_io_cleanup_policy_v2beta1_manifest.go +++ b/internal/provider/kyverno_io_v2beta1/kyverno_io_cleanup_policy_v2beta1_manifest.go @@ -68,11 +68,7 @@ type KyvernoIoCleanupPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -464,8 +460,8 @@ func (r *KyvernoIoCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -503,33 +499,6 @@ func (r *KyvernoIoCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -1696,8 +1665,8 @@ func (r *KyvernoIoCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.go b/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.go index d8cbbf023..8d3d252af 100644 --- a/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.go +++ b/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.go @@ -67,11 +67,7 @@ type KyvernoIoClusterCleanupPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -451,8 +447,8 @@ func (r *KyvernoIoClusterCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -490,33 +486,6 @@ func (r *KyvernoIoClusterCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -1683,8 +1652,8 @@ func (r *KyvernoIoClusterCleanupPolicyV2Beta1Manifest) Schema(_ context.Context, Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_policy_v2beta1_manifest.go b/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_policy_v2beta1_manifest.go index 84398b5e0..17f92365e 100644 --- a/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_policy_v2beta1_manifest.go +++ b/internal/provider/kyverno_io_v2beta1/kyverno_io_cluster_policy_v2beta1_manifest.go @@ -66,11 +66,7 @@ type KyvernoIoClusterPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -216,11 +212,7 @@ type KyvernoIoClusterPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -361,11 +353,7 @@ type KyvernoIoClusterPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -429,11 +417,7 @@ type KyvernoIoClusterPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -562,11 +546,7 @@ type KyvernoIoClusterPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -1093,8 +1073,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -1132,33 +1112,6 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -2119,8 +2072,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -2158,33 +2111,6 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3088,8 +3014,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -3140,8 +3066,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3179,33 +3105,6 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3623,8 +3522,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3662,33 +3561,6 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4552,8 +4424,8 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4591,33 +4463,6 @@ func (r *KyvernoIoClusterPolicyV2Beta1Manifest) Schema(_ context.Context, _ data Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", diff --git a/internal/provider/kyverno_io_v2beta1/kyverno_io_policy_v2beta1_manifest.go b/internal/provider/kyverno_io_v2beta1/kyverno_io_policy_v2beta1_manifest.go index 0f5d9873e..6bda871d0 100644 --- a/internal/provider/kyverno_io_v2beta1/kyverno_io_policy_v2beta1_manifest.go +++ b/internal/provider/kyverno_io_v2beta1/kyverno_io_policy_v2beta1_manifest.go @@ -67,11 +67,7 @@ type KyvernoIoPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -217,11 +213,7 @@ type KyvernoIoPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -362,11 +354,7 @@ type KyvernoIoPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -430,11 +418,7 @@ type KyvernoIoPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -563,11 +547,7 @@ type KyvernoIoPolicyV2Beta1ManifestData struct { Method *string `tfsdk:"method" json:"method,omitempty"` Service *struct { CaBundle *string `tfsdk:"ca_bundle" json:"caBundle,omitempty"` - Headers *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Value *string `tfsdk:"value" json:"value,omitempty"` - } `tfsdk:"headers" json:"headers,omitempty"` - Url *string `tfsdk:"url" json:"url,omitempty"` + Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"service" json:"service,omitempty"` UrlPath *string `tfsdk:"url_path" json:"urlPath,omitempty"` } `tfsdk:"api_call" json:"apiCall,omitempty"` @@ -1106,8 +1086,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -1145,33 +1125,6 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -2132,8 +2085,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -2171,33 +2124,6 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3101,8 +3027,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, @@ -3153,8 +3079,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3192,33 +3118,6 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -3636,8 +3535,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -3675,33 +3574,6 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", @@ -4565,8 +4437,8 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. }, "default": schema.MapAttribute{ - Description: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", - MarkdownDescription: "Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error.", + Description: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", + MarkdownDescription: "Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error", ElementType: types.StringType, Required: false, Optional: true, @@ -4604,33 +4476,6 @@ func (r *KyvernoIoPolicyV2Beta1Manifest) Schema(_ context.Context, _ datasource. Computed: false, }, - "headers": schema.ListNestedAttribute{ - Description: "Headers is a list of optional HTTP headers to be included in the request.", - MarkdownDescription: "Headers is a list of optional HTTP headers to be included in the request.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "Key is the header key", - MarkdownDescription: "Key is the header key", - Required: true, - Optional: false, - Computed: false, - }, - - "value": schema.StringAttribute{ - Description: "Value is the header value", - MarkdownDescription: "Value is the header value", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "url": schema.StringAttribute{ Description: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", MarkdownDescription: "URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'.", diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_alias_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_alias_v1alpha1_manifest.go index b90ea9f88..0d54b0696 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_alias_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_alias_v1alpha1_manifest.go @@ -61,8 +61,7 @@ type LambdaServicesK8SAwsAliasV1Alpha1ManifestData struct { FunctionName *string `tfsdk:"function_name" json:"functionName,omitempty"` FunctionRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"function_ref" json:"functionRef,omitempty"` FunctionVersion *string `tfsdk:"function_version" json:"functionVersion,omitempty"` @@ -270,14 +269,6 @@ func (r *LambdaServicesK8SAwsAliasV1Alpha1Manifest) Schema(_ context.Context, _ Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.go index b9aea2cd0..fee6a5929 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.go @@ -60,8 +60,7 @@ type LambdaServicesK8SAwsEventSourceMappingV1Alpha1ManifestData struct { EventSourceARN *string `tfsdk:"event_source_arn" json:"eventSourceARN,omitempty"` EventSourceRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"event_source_ref" json:"eventSourceRef,omitempty"` FilterCriteria *struct { @@ -72,8 +71,7 @@ type LambdaServicesK8SAwsEventSourceMappingV1Alpha1ManifestData struct { FunctionName *string `tfsdk:"function_name" json:"functionName,omitempty"` FunctionRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"function_ref" json:"functionRef,omitempty"` FunctionResponseTypes *[]string `tfsdk:"function_response_types" json:"functionResponseTypes,omitempty"` @@ -83,8 +81,7 @@ type LambdaServicesK8SAwsEventSourceMappingV1Alpha1ManifestData struct { ParallelizationFactor *int64 `tfsdk:"parallelization_factor" json:"parallelizationFactor,omitempty"` QueueRefs *[]struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"queue_refs" json:"queueRefs,omitempty"` Queues *[]string `tfsdk:"queues" json:"queues,omitempty"` @@ -292,14 +289,6 @@ func (r *LambdaServicesK8SAwsEventSourceMappingV1Alpha1Manifest) Schema(_ contex Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -362,14 +351,6 @@ func (r *LambdaServicesK8SAwsEventSourceMappingV1Alpha1Manifest) Schema(_ contex Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -438,14 +419,6 @@ func (r *LambdaServicesK8SAwsEventSourceMappingV1Alpha1Manifest) Schema(_ contex Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.go index 542d03f12..db9b576d2 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.go @@ -55,8 +55,7 @@ type LambdaServicesK8SAwsFunctionUrlconfigV1Alpha1ManifestData struct { FunctionName *string `tfsdk:"function_name" json:"functionName,omitempty"` FunctionRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"function_ref" json:"functionRef,omitempty"` Qualifier *string `tfsdk:"qualifier" json:"qualifier,omitempty"` @@ -232,14 +231,6 @@ func (r *LambdaServicesK8SAwsFunctionUrlconfigV1Alpha1Manifest) Schema(_ context Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go index a46037aba..d845d1132 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go @@ -49,8 +49,7 @@ type LambdaServicesK8SAwsFunctionV1Alpha1ManifestData struct { S3Bucket *string `tfsdk:"s3_bucket" json:"s3Bucket,omitempty"` S3BucketRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"s3_bucket_ref" json:"s3BucketRef,omitempty"` S3Key *string `tfsdk:"s3_key" json:"s3Key,omitempty"` @@ -96,8 +95,7 @@ type LambdaServicesK8SAwsFunctionV1Alpha1ManifestData struct { KmsKeyARN *string `tfsdk:"kms_key_arn" json:"kmsKeyARN,omitempty"` KmsKeyRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"kms_key_ref" json:"kmsKeyRef,omitempty"` Layers *[]string `tfsdk:"layers" json:"layers,omitempty"` @@ -109,8 +107,7 @@ type LambdaServicesK8SAwsFunctionV1Alpha1ManifestData struct { Role *string `tfsdk:"role" json:"role,omitempty"` RoleRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"role_ref" json:"roleRef,omitempty"` Runtime *string `tfsdk:"runtime" json:"runtime,omitempty"` @@ -126,15 +123,13 @@ type LambdaServicesK8SAwsFunctionV1Alpha1ManifestData struct { SecurityGroupIDs *[]string `tfsdk:"security_group_i_ds" json:"securityGroupIDs,omitempty"` SecurityGroupRefs *[]struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"security_group_refs" json:"securityGroupRefs,omitempty"` SubnetIDs *[]string `tfsdk:"subnet_i_ds" json:"subnetIDs,omitempty"` SubnetRefs *[]struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"subnet_refs" json:"subnetRefs,omitempty"` } `tfsdk:"vpc_config" json:"vpcConfig,omitempty"` @@ -262,14 +257,6 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -566,14 +553,6 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -657,14 +636,6 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -764,14 +735,6 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, @@ -809,14 +772,6 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_version_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_version_v1alpha1_manifest.go index 88bd4ab72..b87b8e6b7 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_version_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_version_v1alpha1_manifest.go @@ -62,8 +62,7 @@ type LambdaServicesK8SAwsVersionV1Alpha1ManifestData struct { FunctionName *string `tfsdk:"function_name" json:"functionName,omitempty"` FunctionRef *struct { From *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"from" json:"from,omitempty"` } `tfsdk:"function_ref" json:"functionRef,omitempty"` ProvisionedConcurrencyConfig *struct { @@ -275,14 +274,6 @@ func (r *LambdaServicesK8SAwsVersionV1Alpha1Manifest) Schema(_ context.Context, Optional: true, Computed: false, }, - - "namespace": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/loki_grafana_com_v1/loki_grafana_com_loki_stack_v1_manifest.go b/internal/provider/loki_grafana_com_v1/loki_grafana_com_loki_stack_v1_manifest.go index afb46b4e2..86c467822 100644 --- a/internal/provider/loki_grafana_com_v1/loki_grafana_com_loki_stack_v1_manifest.go +++ b/internal/provider/loki_grafana_com_v1/loki_grafana_com_loki_stack_v1_manifest.go @@ -69,27 +69,6 @@ type LokiGrafanaComLokiStackV1ManifestData struct { PerStreamRateLimit *int64 `tfsdk:"per_stream_rate_limit" json:"perStreamRateLimit,omitempty"` PerStreamRateLimitBurst *int64 `tfsdk:"per_stream_rate_limit_burst" json:"perStreamRateLimitBurst,omitempty"` } `tfsdk:"ingestion" json:"ingestion,omitempty"` - Otlp *struct { - IndexedResourceAttributes *[]string `tfsdk:"indexed_resource_attributes" json:"indexedResourceAttributes,omitempty"` - LogAttributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"log_attributes" json:"logAttributes,omitempty"` - ResourceAttributes *struct { - Attributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"attributes" json:"attributes,omitempty"` - IgnoreDefaults *bool `tfsdk:"ignore_defaults" json:"ignoreDefaults,omitempty"` - } `tfsdk:"resource_attributes" json:"resourceAttributes,omitempty"` - ScopeAttributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"scope_attributes" json:"scopeAttributes,omitempty"` - } `tfsdk:"otlp" json:"otlp,omitempty"` Queries *struct { CardinalityLimit *int64 `tfsdk:"cardinality_limit" json:"cardinalityLimit,omitempty"` MaxChunksPerQuery *int64 `tfsdk:"max_chunks_per_query" json:"maxChunksPerQuery,omitempty"` @@ -120,26 +99,6 @@ type LokiGrafanaComLokiStackV1ManifestData struct { PerStreamRateLimit *int64 `tfsdk:"per_stream_rate_limit" json:"perStreamRateLimit,omitempty"` PerStreamRateLimitBurst *int64 `tfsdk:"per_stream_rate_limit_burst" json:"perStreamRateLimitBurst,omitempty"` } `tfsdk:"ingestion" json:"ingestion,omitempty"` - Otlp *struct { - LogAttributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"log_attributes" json:"logAttributes,omitempty"` - ResourceAttributes *struct { - Attributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"attributes" json:"attributes,omitempty"` - IgnoreDefaults *bool `tfsdk:"ignore_defaults" json:"ignoreDefaults,omitempty"` - } `tfsdk:"resource_attributes" json:"resourceAttributes,omitempty"` - ScopeAttributes *[]struct { - Action *string `tfsdk:"action" json:"action,omitempty"` - Attributes *[]string `tfsdk:"attributes" json:"attributes,omitempty"` - Regex *string `tfsdk:"regex" json:"regex,omitempty"` - } `tfsdk:"scope_attributes" json:"scopeAttributes,omitempty"` - } `tfsdk:"otlp" json:"otlp,omitempty"` Queries *struct { Blocked *[]struct { Hash *int64 `tfsdk:"hash" json:"hash,omitempty"` @@ -937,158 +896,6 @@ func (r *LokiGrafanaComLokiStackV1Manifest) Schema(_ context.Context, _ datasour Computed: false, }, - "otlp": schema.SingleNestedAttribute{ - Description: "OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor all tenants.", - MarkdownDescription: "OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor all tenants.", - Attributes: map[string]schema.Attribute{ - "indexed_resource_attributes": schema.ListAttribute{ - Description: "IndexedResourceAttributes contains the global configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "IndexedResourceAttributes contains the global configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "log_attributes": schema.ListNestedAttribute{ - Description: "LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes allows choosing the attributes by listing their names.", - MarkdownDescription: "Attributes allows choosing the attributes by listing their names.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "resource_attributes": schema.SingleNestedAttribute{ - Description: "ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - Attributes: map[string]schema.Attribute{ - "attributes": schema.ListNestedAttribute{ - Description: "Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("index_label", "structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes is the list of attributes to configure indexing or drop themaltogether.", - MarkdownDescription: "Attributes is the list of attributes to configure indexing or drop themaltogether.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "ignore_defaults": schema.BoolAttribute{ - Description: "IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label.", - MarkdownDescription: "IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "scope_attributes": schema.ListNestedAttribute{ - Description: "ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes allows choosing the attributes by listing their names.", - MarkdownDescription: "Attributes allows choosing the attributes by listing their names.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "queries": schema.SingleNestedAttribute{ Description: "QueryLimits defines the limit applied on querying log streams.", MarkdownDescription: "QueryLimits defines the limit applied on querying log streams.", @@ -1302,149 +1109,6 @@ func (r *LokiGrafanaComLokiStackV1Manifest) Schema(_ context.Context, _ datasour Computed: false, }, - "otlp": schema.SingleNestedAttribute{ - Description: "OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor a single tenants.", - MarkdownDescription: "OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor a single tenants.", - Attributes: map[string]schema.Attribute{ - "log_attributes": schema.ListNestedAttribute{ - Description: "LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes allows choosing the attributes by listing their names.", - MarkdownDescription: "Attributes allows choosing the attributes by listing their names.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "resource_attributes": schema.SingleNestedAttribute{ - Description: "ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - Attributes: map[string]schema.Attribute{ - "attributes": schema.ListNestedAttribute{ - Description: "Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("index_label", "structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes is the list of attributes to configure indexing or drop themaltogether.", - MarkdownDescription: "Attributes is the list of attributes to configure indexing or drop themaltogether.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "ignore_defaults": schema.BoolAttribute{ - Description: "IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label.", - MarkdownDescription: "IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "scope_attributes": schema.ListNestedAttribute{ - Description: "ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether.", - MarkdownDescription: "ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "action": schema.StringAttribute{ - Description: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - MarkdownDescription: "Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("structured_metadata", "drop"), - }, - }, - - "attributes": schema.ListAttribute{ - Description: "Attributes allows choosing the attributes by listing their names.", - MarkdownDescription: "Attributes allows choosing the attributes by listing their names.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "regex": schema.StringAttribute{ - Description: "Regex allows choosing the attributes by matching a regular expression.", - MarkdownDescription: "Regex allows choosing the attributes by matching a regular expression.", - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "queries": schema.SingleNestedAttribute{ Description: "QueryLimits defines the limit applied on querying log streams.", MarkdownDescription: "QueryLimits defines the limit applied on querying log streams.", diff --git a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_alertmanager_v1_manifest.go b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_alertmanager_v1_manifest.go index 154da9b9d..ef0d1104a 100644 --- a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_alertmanager_v1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_alertmanager_v1_manifest.go @@ -223,8 +223,7 @@ type MonitoringCoreosComAlertmanagerV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -286,10 +285,8 @@ type MonitoringCoreosComAlertmanagerV1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2722,14 +2719,6 @@ func (r *MonitoringCoreosComAlertmanagerV1Manifest) Schema(_ context.Context, _ Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -2852,16 +2841,16 @@ func (r *MonitoringCoreosComAlertmanagerV1Manifest) Schema(_ context.Context, _ }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -2869,8 +2858,8 @@ func (r *MonitoringCoreosComAlertmanagerV1Manifest) Schema(_ context.Context, _ }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -3142,32 +3131,12 @@ func (r *MonitoringCoreosComAlertmanagerV1Manifest) Schema(_ context.Context, _ Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ diff --git a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_pod_monitor_v1_manifest.go b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_pod_monitor_v1_manifest.go index 7e5c0adee..0a0af0dc0 100644 --- a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_pod_monitor_v1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_pod_monitor_v1_manifest.go @@ -806,16 +806,16 @@ func (r *MonitoringCoreosComPodMonitorV1Manifest) Schema(_ context.Context, _ da }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -823,8 +823,8 @@ func (r *MonitoringCoreosComPodMonitorV1Manifest) Schema(_ context.Context, _ da }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_probe_v1_manifest.go b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_probe_v1_manifest.go index e2f4a39fb..03c5566e5 100644 --- a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_probe_v1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_probe_v1_manifest.go @@ -720,16 +720,16 @@ func (r *MonitoringCoreosComProbeV1Manifest) Schema(_ context.Context, _ datasou }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -737,8 +737,8 @@ func (r *MonitoringCoreosComProbeV1Manifest) Schema(_ context.Context, _ datasou }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_prometheus_v1_manifest.go b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_prometheus_v1_manifest.go index 7e0b0a158..fe4fd5dde 100644 --- a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_prometheus_v1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_prometheus_v1_manifest.go @@ -8703,8 +8703,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8832,16 +8832,16 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8849,8 +8849,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9123,8 +9123,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9132,8 +9132,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9784,8 +9784,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9913,16 +9913,16 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9930,8 +9930,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10204,8 +10204,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -10213,8 +10213,8 @@ func (r *MonitoringCoreosComPrometheusV1Manifest) Schema(_ context.Context, _ da }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_service_monitor_v1_manifest.go b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_service_monitor_v1_manifest.go index 1841070b4..763425709 100644 --- a/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_service_monitor_v1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1/monitoring_coreos_com_service_monitor_v1_manifest.go @@ -753,16 +753,16 @@ func (r *MonitoringCoreosComServiceMonitorV1Manifest) Schema(_ context.Context, }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -770,8 +770,8 @@ func (r *MonitoringCoreosComServiceMonitorV1Manifest) Schema(_ context.Context, }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go index a07c10b87..6f226d1a6 100644 --- a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go @@ -109,8 +109,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -172,10 +171,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -303,8 +300,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -366,10 +362,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -456,8 +450,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -519,10 +512,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -609,8 +600,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -672,10 +662,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -765,8 +753,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -828,10 +815,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -945,8 +930,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1008,10 +992,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1090,8 +1072,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1153,10 +1134,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1250,8 +1229,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1313,10 +1291,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1394,8 +1370,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1457,10 +1432,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1530,8 +1503,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1593,10 +1565,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1663,8 +1633,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1726,10 +1695,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1809,8 +1776,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1872,10 +1838,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Alpha1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2472,14 +2436,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -2602,16 +2558,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -2619,8 +2575,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -2892,32 +2848,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -3777,14 +3713,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -3907,16 +3835,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -3924,8 +3852,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -4197,32 +4125,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -4812,14 +4720,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -4942,16 +4842,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -4959,8 +4859,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -5232,32 +5132,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -5856,14 +5736,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -5986,16 +5858,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -6003,8 +5875,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6276,32 +6148,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -6907,14 +6759,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -7037,16 +6881,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -7054,8 +6898,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7327,32 +7171,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -8154,14 +7978,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -8284,16 +8100,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8301,8 +8117,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8574,32 +8390,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -9140,14 +8936,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -9270,16 +9058,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9287,8 +9075,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9560,32 +9348,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -10216,14 +9984,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -10346,16 +10106,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -10363,8 +10123,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10636,32 +10396,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -11186,14 +10926,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -11316,16 +11048,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -11333,8 +11065,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -11606,32 +11338,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -12101,14 +11813,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -12231,16 +11935,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12248,8 +11952,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12521,32 +12225,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -12992,14 +12676,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -13122,16 +12798,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -13139,8 +12815,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13412,32 +13088,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -13973,14 +13629,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -14103,16 +13751,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -14120,8 +13768,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -14393,32 +14041,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ diff --git a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.go b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.go index 647deb31d..b81f3fb08 100644 --- a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.go @@ -7552,8 +7552,8 @@ func (r *MonitoringCoreosComPrometheusAgentV1Alpha1Manifest) Schema(_ context.Co }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7681,16 +7681,16 @@ func (r *MonitoringCoreosComPrometheusAgentV1Alpha1Manifest) Schema(_ context.Co }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -7698,8 +7698,8 @@ func (r *MonitoringCoreosComPrometheusAgentV1Alpha1Manifest) Schema(_ context.Co }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7972,8 +7972,8 @@ func (r *MonitoringCoreosComPrometheusAgentV1Alpha1Manifest) Schema(_ context.Co }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -7981,8 +7981,8 @@ func (r *MonitoringCoreosComPrometheusAgentV1Alpha1Manifest) Schema(_ context.Co }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_scrape_config_v1alpha1_manifest.go b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_scrape_config_v1alpha1_manifest.go index 31a861b20..65596511e 100644 --- a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_scrape_config_v1alpha1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_scrape_config_v1alpha1_manifest.go @@ -2659,8 +2659,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -2797,16 +2797,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -2814,8 +2814,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -3096,8 +3096,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -3105,8 +3105,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -3523,8 +3523,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -3652,16 +3652,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -3669,8 +3669,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -3951,8 +3951,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -3960,8 +3960,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -4481,8 +4481,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -4610,16 +4610,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -4627,8 +4627,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -4909,8 +4909,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -4918,8 +4918,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -5369,8 +5369,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -5498,16 +5498,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -5515,8 +5515,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -5801,8 +5801,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -5810,8 +5810,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6169,8 +6169,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6189,8 +6189,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -6198,8 +6198,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6673,8 +6673,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6802,16 +6802,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -6819,8 +6819,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7093,8 +7093,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -7102,8 +7102,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7624,8 +7624,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7753,16 +7753,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -7770,8 +7770,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8052,8 +8052,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8061,8 +8061,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8500,8 +8500,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8629,16 +8629,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8646,8 +8646,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8920,8 +8920,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8929,8 +8929,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9289,8 +9289,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9309,8 +9309,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9318,8 +9318,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9803,8 +9803,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9932,16 +9932,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9949,8 +9949,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10223,8 +10223,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -10232,8 +10232,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10707,8 +10707,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10836,16 +10836,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -10853,8 +10853,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -11127,8 +11127,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -11136,8 +11136,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -11627,8 +11627,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -11756,16 +11756,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -11773,8 +11773,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12059,8 +12059,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12068,8 +12068,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12457,8 +12457,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12586,16 +12586,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12603,8 +12603,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12889,8 +12889,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12898,8 +12898,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13268,8 +13268,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13438,8 +13438,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13567,16 +13567,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -13584,8 +13584,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13858,8 +13858,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -13867,8 +13867,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -14281,16 +14281,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -14298,8 +14298,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -15138,8 +15138,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -15147,8 +15147,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -15320,8 +15320,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -15449,16 +15449,16 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -15466,8 +15466,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -15752,8 +15752,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -15761,8 +15761,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -16183,8 +16183,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -16214,8 +16214,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -16223,8 +16223,8 @@ func (r *MonitoringCoreosComScrapeConfigV1Alpha1Manifest) Schema(_ context.Conte }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/monitoring_coreos_com_v1beta1/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.go b/internal/provider/monitoring_coreos_com_v1beta1/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.go index 3fef92302..b811efc94 100644 --- a/internal/provider/monitoring_coreos_com_v1beta1/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1beta1/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.go @@ -90,8 +90,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -153,10 +152,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -281,8 +278,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -344,10 +340,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -432,8 +426,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -495,10 +488,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -583,8 +574,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -646,10 +636,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -736,8 +724,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -799,10 +786,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -912,8 +897,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -975,10 +959,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1056,8 +1038,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1119,10 +1100,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1214,8 +1193,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1277,10 +1255,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1356,8 +1332,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1419,10 +1394,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1491,8 +1464,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1554,10 +1526,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1623,8 +1593,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1686,10 +1655,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1766,8 +1733,7 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"bearer_token_secret" json:"bearerTokenSecret,omitempty"` - FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` - NoProxy *string `tfsdk:"no_proxy" json:"noProxy,omitempty"` + FollowRedirects *bool `tfsdk:"follow_redirects" json:"followRedirects,omitempty"` Oauth2 *struct { ClientId *struct { ConfigMap *struct { @@ -1829,10 +1795,8 @@ type MonitoringCoreosComAlertmanagerConfigV1Beta1ManifestData struct { } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` TokenUrl *string `tfsdk:"token_url" json:"tokenUrl,omitempty"` } `tfsdk:"oauth2" json:"oauth2,omitempty"` - ProxyConnectHeader *map[string]string `tfsdk:"proxy_connect_header" json:"proxyConnectHeader,omitempty"` - ProxyFromEnvironment *bool `tfsdk:"proxy_from_environment" json:"proxyFromEnvironment,omitempty"` - ProxyUrl *string `tfsdk:"proxy_url" json:"proxyUrl,omitempty"` - TlsConfig *struct { + ProxyURL *string `tfsdk:"proxy_url" json:"proxyURL,omitempty"` + TlsConfig *struct { Ca *struct { ConfigMap *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2301,14 +2265,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -2431,16 +2387,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -2448,8 +2404,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -2721,32 +2677,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -3600,14 +3536,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -3730,16 +3658,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -3747,8 +3675,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -4020,32 +3948,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -4631,14 +4539,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -4761,16 +4661,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -4778,8 +4678,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -5051,32 +4951,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -5666,14 +5546,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -5796,16 +5668,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -5813,8 +5685,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -6086,32 +5958,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -6711,14 +6563,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -6841,16 +6685,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -6858,8 +6702,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -7131,32 +6975,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -7950,14 +7774,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -8080,16 +7896,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -8097,8 +7913,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -8370,32 +8186,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -8934,14 +8730,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -9064,16 +8852,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -9081,8 +8869,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -9354,32 +9142,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -10006,14 +9774,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -10136,16 +9896,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -10153,8 +9913,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -10426,32 +10186,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -10972,14 +10712,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -11102,16 +10834,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -11119,8 +10851,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -11392,32 +11124,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -11885,14 +11597,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -12015,16 +11719,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12032,8 +11736,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -12305,32 +12009,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -12774,14 +12458,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -12904,16 +12580,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -12921,8 +12597,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -13194,32 +12870,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ @@ -13749,14 +13405,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "oauth2": schema.SingleNestedAttribute{ Description: "OAuth2 client credentials used to fetch a token for the targets.", MarkdownDescription: "OAuth2 client credentials used to fetch a token for the targets.", @@ -13879,16 +13527,16 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "no_proxy": schema.StringAttribute{ - Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, }, "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0.", ElementType: types.StringType, Required: false, Optional: true, @@ -13896,8 +13544,8 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. }, "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", + MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0.", Required: false, Optional: true, Computed: false, @@ -14169,32 +13817,12 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Beta1Manifest) Schema(_ context. Computed: false, }, - "proxy_connect_header": schema.MapAttribute{ - Description: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "proxy_from_environment": schema.BoolAttribute{ - Description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - MarkdownDescription: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", - Required: false, - Optional: true, - Computed: false, - }, - "proxy_url": schema.StringAttribute{ - Description: "'proxyURL' defines the HTTP proxy server to use.", - MarkdownDescription: "'proxyURL' defines the HTTP proxy server to use.", + Description: "Optional proxy URL.", + MarkdownDescription: "Optional proxy URL.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.RegexMatches(regexp.MustCompile(`^http(s)?://.+$`), ""), - }, }, "tls_config": schema.SingleNestedAttribute{ diff --git a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.go b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.go index 85d2fe85e..1bac1b88c 100644 --- a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.go +++ b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.go @@ -47,7 +47,7 @@ type MulticlusterCrdAntreaIoClusterInfoImportV1Alpha1ManifestData struct { GatewayInfos *[]struct { GatewayIP *string `tfsdk:"gateway_ip" json:"gatewayIP,omitempty"` } `tfsdk:"gateway_infos" json:"gatewayInfos,omitempty"` - PodCIDRs *[]string `tfsdk:"pod_cid_rs" json:"podCIDRs,omitempty"` + PodCIDRs *[]string `tfsdk:"pod_cidrs" json:"podCIDRs,omitempty"` ServiceCIDR *string `tfsdk:"service_cidr" json:"serviceCIDR,omitempty"` WireGuard *struct { PublicKey *string `tfsdk:"public_key" json:"publicKey,omitempty"` @@ -159,7 +159,7 @@ func (r *MulticlusterCrdAntreaIoClusterInfoImportV1Alpha1Manifest) Schema(_ cont Computed: false, }, - "pod_cid_rs": schema.ListAttribute{ + "pod_cidrs": schema.ListAttribute{ Description: "PodCIDRs is the Pod IP address CIDRs.", MarkdownDescription: "PodCIDRs is the Pod IP address CIDRs.", ElementType: types.StringType, diff --git a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.go b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.go index d4fc0cca4..a46c9cf73 100644 --- a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.go +++ b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.go @@ -49,7 +49,7 @@ type MulticlusterCrdAntreaIoResourceExportV1Alpha1ManifestData struct { GatewayInfos *[]struct { GatewayIP *string `tfsdk:"gateway_ip" json:"gatewayIP,omitempty"` } `tfsdk:"gateway_infos" json:"gatewayInfos,omitempty"` - PodCIDRs *[]string `tfsdk:"pod_cid_rs" json:"podCIDRs,omitempty"` + PodCIDRs *[]string `tfsdk:"pod_cidrs" json:"podCIDRs,omitempty"` ServiceCIDR *string `tfsdk:"service_cidr" json:"serviceCIDR,omitempty"` WireGuard *struct { PublicKey *string `tfsdk:"public_key" json:"publicKey,omitempty"` @@ -670,7 +670,7 @@ func (r *MulticlusterCrdAntreaIoResourceExportV1Alpha1Manifest) Schema(_ context Computed: false, }, - "pod_cid_rs": schema.ListAttribute{ + "pod_cidrs": schema.ListAttribute{ Description: "PodCIDRs is the Pod IP address CIDRs.", MarkdownDescription: "PodCIDRs is the Pod IP address CIDRs.", ElementType: types.StringType, diff --git a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.go b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.go index 1e773afbd..c03bdecc8 100644 --- a/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.go +++ b/internal/provider/multicluster_crd_antrea_io_v1alpha1/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.go @@ -49,7 +49,7 @@ type MulticlusterCrdAntreaIoResourceImportV1Alpha1ManifestData struct { GatewayInfos *[]struct { GatewayIP *string `tfsdk:"gateway_ip" json:"gatewayIP,omitempty"` } `tfsdk:"gateway_infos" json:"gatewayInfos,omitempty"` - PodCIDRs *[]string `tfsdk:"pod_cid_rs" json:"podCIDRs,omitempty"` + PodCIDRs *[]string `tfsdk:"pod_cidrs" json:"podCIDRs,omitempty"` ServiceCIDR *string `tfsdk:"service_cidr" json:"serviceCIDR,omitempty"` WireGuard *struct { PublicKey *string `tfsdk:"public_key" json:"publicKey,omitempty"` @@ -664,7 +664,7 @@ func (r *MulticlusterCrdAntreaIoResourceImportV1Alpha1Manifest) Schema(_ context Computed: false, }, - "pod_cid_rs": schema.ListAttribute{ + "pod_cidrs": schema.ListAttribute{ Description: "PodCIDRs is the Pod IP address CIDRs.", MarkdownDescription: "PodCIDRs is the Pod IP address CIDRs.", ElementType: types.StringType, diff --git a/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.go b/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.go index 557db92ab..10ff995cd 100644 --- a/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.go +++ b/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.go @@ -164,8 +164,8 @@ func (r *NotificationToolkitFluxcdIoAlertV1Beta1Manifest) Schema(_ context.Conte "kind": schema.StringAttribute{ Description: "Kind of the referent", MarkdownDescription: "Kind of the referent", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Bucket", "GitRepository", "Kustomization", "HelmRelease", "HelmChart", "HelmRepository", "ImageRepository", "ImagePolicy", "ImageUpdateAutomation", "OCIRepository"), diff --git a/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.go b/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.go index e182e62ee..9f7ceda81 100644 --- a/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.go +++ b/internal/provider/notification_toolkit_fluxcd_io_v1beta1/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.go @@ -161,8 +161,8 @@ func (r *NotificationToolkitFluxcdIoReceiverV1Beta1Manifest) Schema(_ context.Co "kind": schema.StringAttribute{ Description: "Kind of the referent", MarkdownDescription: "Kind of the referent", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.OneOf("Bucket", "GitRepository", "Kustomization", "HelmRelease", "HelmChart", "HelmRepository", "ImageRepository", "ImagePolicy", "ImageUpdateAutomation", "OCIRepository"), @@ -220,8 +220,8 @@ func (r *NotificationToolkitFluxcdIoReceiverV1Beta1Manifest) Schema(_ context.Co Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/notification_toolkit_fluxcd_io_v1beta2/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.go b/internal/provider/notification_toolkit_fluxcd_io_v1beta2/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.go index 618c25274..343929032 100644 --- a/internal/provider/notification_toolkit_fluxcd_io_v1beta2/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.go +++ b/internal/provider/notification_toolkit_fluxcd_io_v1beta2/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.go @@ -233,8 +233,8 @@ func (r *NotificationToolkitFluxcdIoReceiverV1Beta2Manifest) Schema(_ context.Co Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, diff --git a/internal/provider/operator_tigera_io_v1/operator_tigera_io_api_server_v1_manifest.go b/internal/provider/operator_tigera_io_v1/operator_tigera_io_api_server_v1_manifest.go index ff1aeea41..9e03e3ee2 100644 --- a/internal/provider/operator_tigera_io_v1/operator_tigera_io_api_server_v1_manifest.go +++ b/internal/provider/operator_tigera_io_v1/operator_tigera_io_api_server_v1_manifest.go @@ -1196,7 +1196,7 @@ func (r *OperatorTigeraIoApiserverV1Manifest) Schema(_ context.Context, _ dataso Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("calico-apiserver", "tigera-queryserver", "calico-l7-admission-controller"), + stringvalidator.OneOf("calico-apiserver", "tigera-queryserver"), }, }, diff --git a/internal/provider/operator_tigera_io_v1/operator_tigera_io_application_layer_v1_manifest.go b/internal/provider/operator_tigera_io_v1/operator_tigera_io_application_layer_v1_manifest.go index 8e483373c..8f08b5c52 100644 --- a/internal/provider/operator_tigera_io_v1/operator_tigera_io_application_layer_v1_manifest.go +++ b/internal/provider/operator_tigera_io_v1/operator_tigera_io_application_layer_v1_manifest.go @@ -81,7 +81,6 @@ type OperatorTigeraIoApplicationLayerV1ManifestData struct { LogIntervalSeconds *int64 `tfsdk:"log_interval_seconds" json:"logIntervalSeconds,omitempty"` LogRequestsPerInterval *int64 `tfsdk:"log_requests_per_interval" json:"logRequestsPerInterval,omitempty"` } `tfsdk:"log_collection" json:"logCollection,omitempty"` - SidecarInjection *string `tfsdk:"sidecar_injection" json:"sidecarInjection,omitempty"` WebApplicationFirewall *string `tfsdk:"web_application_firewall" json:"webApplicationFirewall,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } @@ -157,9 +156,6 @@ func (r *OperatorTigeraIoApplicationLayerV1Manifest) Schema(_ context.Context, _ Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Enabled", "Disabled"), - }, }, "envoy": schema.SingleNestedAttribute{ @@ -370,9 +366,6 @@ func (r *OperatorTigeraIoApplicationLayerV1Manifest) Schema(_ context.Context, _ Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Enabled", "Disabled"), - }, }, "log_interval_seconds": schema.Int64Attribute{ @@ -396,26 +389,12 @@ func (r *OperatorTigeraIoApplicationLayerV1Manifest) Schema(_ context.Context, _ Computed: false, }, - "sidecar_injection": schema.StringAttribute{ - Description: "SidecarInjection controls whether or not sidecar injection is enabled for the cluster.When enabled, pods with the label'applicationlayer.projectcalico.org/sidecar'='true' will have their L7 functionalitysuch as WAF and ALP implemented using an injected sidecar instead of a per-host proxy.The per-host proxy will continue to be used for pods without this label.", - MarkdownDescription: "SidecarInjection controls whether or not sidecar injection is enabled for the cluster.When enabled, pods with the label'applicationlayer.projectcalico.org/sidecar'='true' will have their L7 functionalitysuch as WAF and ALP implemented using an injected sidecar instead of a per-host proxy.The per-host proxy will continue to be used for pods without this label.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Enabled", "Disabled"), - }, - }, - "web_application_firewall": schema.StringAttribute{ Description: "WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.", MarkdownDescription: "WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Enabled", "Disabled"), - }, }, }, Required: false, diff --git a/internal/provider/operator_tigera_io_v1/operator_tigera_io_installation_v1_manifest.go b/internal/provider/operator_tigera_io_v1/operator_tigera_io_installation_v1_manifest.go index bdc955a0d..47c6e3d9a 100644 --- a/internal/provider/operator_tigera_io_v1/operator_tigera_io_installation_v1_manifest.go +++ b/internal/provider/operator_tigera_io_v1/operator_tigera_io_installation_v1_manifest.go @@ -953,7 +953,7 @@ type OperatorTigeraIoInstallationV1ManifestData struct { } `tfsdk:"node_update_strategy" json:"nodeUpdateStrategy,omitempty"` NonPrivileged *string `tfsdk:"non_privileged" json:"nonPrivileged,omitempty"` Registry *string `tfsdk:"registry" json:"registry,omitempty"` - ServiceCIDRs *[]string `tfsdk:"service_cid_rs" json:"serviceCIDRs,omitempty"` + ServiceCIDRs *[]string `tfsdk:"service_cidrs" json:"serviceCIDRs,omitempty"` TyphaAffinity *struct { NodeAffinity *struct { PreferredDuringSchedulingIgnoredDuringExecution *[]struct { @@ -7323,7 +7323,7 @@ func (r *OperatorTigeraIoInstallationV1Manifest) Schema(_ context.Context, _ dat Computed: false, }, - "service_cid_rs": schema.ListAttribute{ + "service_cidrs": schema.ListAttribute{ Description: "Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.", MarkdownDescription: "Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.", ElementType: types.StringType, diff --git a/internal/provider/operator_tigera_io_v1/operator_tigera_io_intrusion_detection_v1_manifest.go b/internal/provider/operator_tigera_io_v1/operator_tigera_io_intrusion_detection_v1_manifest.go index 000ee85c7..a00118099 100644 --- a/internal/provider/operator_tigera_io_v1/operator_tigera_io_intrusion_detection_v1_manifest.go +++ b/internal/provider/operator_tigera_io_v1/operator_tigera_io_intrusion_detection_v1_manifest.go @@ -55,25 +55,6 @@ type OperatorTigeraIoIntrusionDetectionV1ManifestData struct { Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resource_requirements" json:"resourceRequirements,omitempty"` } `tfsdk:"component_resources" json:"componentResources,omitempty"` - DeepPacketInspectionDaemonset *struct { - Spec *struct { - Template *struct { - Spec *struct { - InitContainers *[]struct { - Image *string `tfsdk:"image" json:"image,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Resources *struct { - Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"claims" json:"claims,omitempty"` - Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` - Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` - } `tfsdk:"resources" json:"resources,omitempty"` - } `tfsdk:"init_containers" json:"initContainers,omitempty"` - } `tfsdk:"spec" json:"spec,omitempty"` - } `tfsdk:"template" json:"template,omitempty"` - } `tfsdk:"spec" json:"spec,omitempty"` - } `tfsdk:"deep_packet_inspection_daemonset" json:"deepPacketInspectionDaemonset,omitempty"` IntrusionDetectionControllerDeployment *struct { Spec *struct { Template *struct { @@ -255,118 +236,6 @@ func (r *OperatorTigeraIoIntrusionDetectionV1Manifest) Schema(_ context.Context, Computed: false, }, - "deep_packet_inspection_daemonset": schema.SingleNestedAttribute{ - Description: "DeepPacketInspectionDaemonset configures the DPI Daemonset", - MarkdownDescription: "DeepPacketInspectionDaemonset configures the DPI Daemonset", - Attributes: map[string]schema.Attribute{ - "spec": schema.SingleNestedAttribute{ - Description: "DPIDaemonsetSpec configures the DPI Daemonset", - MarkdownDescription: "DPIDaemonsetSpec configures the DPI Daemonset", - Attributes: map[string]schema.Attribute{ - "template": schema.SingleNestedAttribute{ - Description: "Template specifies DPI Daemonset Template", - MarkdownDescription: "Template specifies DPI Daemonset Template", - Attributes: map[string]schema.Attribute{ - "spec": schema.SingleNestedAttribute{ - Description: "Spec specifies DPI Daemonset Template Spec", - MarkdownDescription: "Spec specifies DPI Daemonset Template Spec", - Attributes: map[string]schema.Attribute{ - "init_containers": schema.ListNestedAttribute{ - Description: "List of DPI Daemonset Init containers definitions", - MarkdownDescription: "List of DPI Daemonset Init containers definitions", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "image": schema.StringAttribute{ - Description: "Image name for the init container", - MarkdownDescription: "Image name for the init container", - Required: true, - Optional: false, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name is an enum that identifies the init container by its name.", - MarkdownDescription: "Name is an enum that identifies the init container by its name.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("snort-rules"), - }, - }, - - "resources": schema.SingleNestedAttribute{ - Description: "Resources allows customization of limits and requests for compute resources such as cpu and memory.If specified, this overrides the init container's resources.If omitted, the default values will be used for the init container's resources.", - MarkdownDescription: "Resources allows customization of limits and requests for compute resources such as cpu and memory.If specified, this overrides the init container's resources.If omitted, the default values will be used for the init container's resources.", - Attributes: map[string]schema.Attribute{ - "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "limits": schema.MapAttribute{ - Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "requests": schema.MapAttribute{ - Description: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - MarkdownDescription: "Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "intrusion_detection_controller_deployment": schema.SingleNestedAttribute{ Description: "IntrusionDetectionControllerDeployment configures the IntrusionDetection Controller Deployment.", MarkdownDescription: "IntrusionDetectionControllerDeployment configures the IntrusionDetection Controller Deployment.", diff --git a/internal/provider/org_eclipse_che_v2/org_eclipse_che_che_cluster_v2_manifest.go b/internal/provider/org_eclipse_che_v2/org_eclipse_che_che_cluster_v2_manifest.go index 10b306b1e..99bbade90 100644 --- a/internal/provider/org_eclipse_che_v2/org_eclipse_che_che_cluster_v2_manifest.go +++ b/internal/provider/org_eclipse_che_v2/org_eclipse_che_che_cluster_v2_manifest.go @@ -298,9 +298,6 @@ type OrgEclipseCheCheClusterV2ManifestData struct { Organization *string `tfsdk:"organization" json:"organization,omitempty"` } `tfsdk:"container_registry" json:"containerRegistry,omitempty"` DevEnvironments *struct { - AllowedSource *struct { - Urls *[]string `tfsdk:"urls" json:"urls,omitempty"` - } `tfsdk:"allowed_source" json:"allowedSource,omitempty"` ContainerBuildConfiguration *struct { OpenShiftSecurityContextConstraint *string `tfsdk:"open_shift_security_context_constraint" json:"openShiftSecurityContextConstraint,omitempty"` } `tfsdk:"container_build_configuration" json:"containerBuildConfiguration,omitempty"` @@ -2541,24 +2538,6 @@ func (r *OrgEclipseCheCheClusterV2Manifest) Schema(_ context.Context, _ datasour Description: "Development environment default configuration options.", MarkdownDescription: "Development environment default configuration options.", Attributes: map[string]schema.Attribute{ - "allowed_source": schema.SingleNestedAttribute{ - Description: "AllowedSource defines the allowed sources on which workspaces can be started.", - MarkdownDescription: "AllowedSource defines the allowed sources on which workspaces can be started.", - Attributes: map[string]schema.Attribute{ - "urls": schema.ListAttribute{ - Description: "The list of approved URLs for starting Cloud Development Environments (CDEs). CDEs can only beinitiated from these URLs.", - MarkdownDescription: "The list of approved URLs for starting Cloud Development Environments (CDEs). CDEs can only beinitiated from these URLs.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "container_build_configuration": schema.SingleNestedAttribute{ Description: "Container build configuration.", MarkdownDescription: "Container build configuration.", diff --git a/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go b/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go index 066cc02b4..19a057f2f 100644 --- a/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go +++ b/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go @@ -2138,7 +2138,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` Image *string `tfsdk:"image" json:"image,omitempty"` ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - QuerySource *string `tfsdk:"query_source" json:"querySource,omitempty"` Resources *struct { Claims *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -2708,15 +2707,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"custom_replication_tls_secret" json:"customReplicationTLSSecret,omitempty"` - CustomRootCATLSSecret *struct { - Items *[]struct { - Key *string `tfsdk:"key" json:"key,omitempty"` - Mode *int64 `tfsdk:"mode" json:"mode,omitempty"` - Path *string `tfsdk:"path" json:"path,omitempty"` - } `tfsdk:"items" json:"items,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Optional *bool `tfsdk:"optional" json:"optional,omitempty"` - } `tfsdk:"custom_root_catls_secret" json:"customRootCATLSSecret,omitempty"` CustomTLSSecret *struct { Items *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -16933,17 +16923,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, }, - "query_source": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("pgstatmonitor", "pgstatstatements"), - }, - }, - "resources": schema.SingleNestedAttribute{ Description: "Compute resources of a PMM container.", MarkdownDescription: "Compute resources of a PMM container.", @@ -20769,66 +20748,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, - "custom_root_catls_secret": schema.SingleNestedAttribute{ - Description: "The secret containing the root CA certificate and key forsecure connections to the PostgreSQL server. It will need to contain theCA TLS certificate and CA TLS key with the data keys set toroot.crt and root.key, respectively.", - MarkdownDescription: "The secret containing the root CA certificate and key forsecure connections to the PostgreSQL server. It will need to contain theCA TLS certificate and CA TLS key with the data keys set toroot.crt and root.key, respectively.", - Attributes: map[string]schema.Attribute{ - "items": schema.ListNestedAttribute{ - Description: "items if unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "key": schema.StringAttribute{ - Description: "key is the key to project.", - MarkdownDescription: "key is the key to project.", - Required: true, - Optional: false, - Computed: false, - }, - - "mode": schema.Int64Attribute{ - Description: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set.", - Required: false, - Optional: true, - Computed: false, - }, - - "path": schema.StringAttribute{ - Description: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - MarkdownDescription: "path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - MarkdownDescription: "Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - Required: false, - Optional: true, - Computed: false, - }, - - "optional": schema.BoolAttribute{ - Description: "optional field specify whether the Secret or its key must be defined", - MarkdownDescription: "optional field specify whether the Secret or its key must be defined", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "custom_tls_secret": schema.SingleNestedAttribute{ Description: "The secret containing the Certificates and Keys to encrypt PostgreSQLtraffic will need to contain the server TLS certificate, TLS key and theCertificate Authority certificate with the data keys set to tls.crt,tls.key and ca.crt, respectively. It will then be mounted as a volumeprojection to the '/pgconf/tls' directory. For more information onKubernetes secret projections, please seehttps://k8s.io/docs/concepts/configuration/secret/#projection-of-secret-keys-to-specific-pathsNOTE: If CustomTLSSecret is provided, CustomReplicationClientTLSSecretMUST be provided and the ca.crt provided must be the same.", MarkdownDescription: "The secret containing the Certificates and Keys to encrypt PostgreSQLtraffic will need to contain the server TLS certificate, TLS key and theCertificate Authority certificate with the data keys set to tls.crt,tls.key and ca.crt, respectively. It will then be mounted as a volumeprojection to the '/pgconf/tls' directory. For more information onKubernetes secret projections, please seehttps://k8s.io/docs/concepts/configuration/secret/#projection-of-secret-keys-to-specific-pathsNOTE: If CustomTLSSecret is provided, CustomReplicationClientTLSSecretMUST be provided and the ca.crt provided must be the same.", diff --git a/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest.go b/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest.go index 867e5452c..fc4ad2e02 100644 --- a/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest.go +++ b/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest.go @@ -1169,7 +1169,7 @@ func (r *PostgresOperatorCrunchydataComPgupgradeV1Beta1Manifest) Schema(_ contex Computed: false, Validators: []validator.Int64{ int64validator.AtLeast(10), - int64validator.AtMost(17), + int64validator.AtMost(16), }, }, @@ -1319,7 +1319,7 @@ func (r *PostgresOperatorCrunchydataComPgupgradeV1Beta1Manifest) Schema(_ contex Computed: false, Validators: []validator.Int64{ int64validator.AtLeast(10), - int64validator.AtMost(17), + int64validator.AtMost(16), }, }, diff --git a/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest.go b/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest.go index 3aeade85c..1d907d433 100644 --- a/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest.go +++ b/internal/provider/postgres_operator_crunchydata_com_v1beta1/postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest.go @@ -14456,7 +14456,7 @@ func (r *PostgresOperatorCrunchydataComPostgresClusterV1Beta1Manifest) Schema(_ Computed: false, Validators: []validator.Int64{ int64validator.AtLeast(10), - int64validator.AtMost(17), + int64validator.AtMost(16), }, }, diff --git a/internal/provider/postgresql_cnpg_io_v1/postgresql_cnpg_io_cluster_v1_manifest.go b/internal/provider/postgresql_cnpg_io_v1/postgresql_cnpg_io_cluster_v1_manifest.go index d05459ec3..d21230b3f 100644 --- a/internal/provider/postgresql_cnpg_io_v1/postgresql_cnpg_io_cluster_v1_manifest.go +++ b/internal/provider/postgresql_cnpg_io_v1/postgresql_cnpg_io_cluster_v1_manifest.go @@ -688,7 +688,6 @@ type PostgresqlCnpgIoClusterV1ManifestData struct { ReusePVC *bool `tfsdk:"reuse_pvc" json:"reusePVC,omitempty"` } `tfsdk:"node_maintenance_window" json:"nodeMaintenanceWindow,omitempty"` Plugins *[]struct { - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` Parameters *map[string]string `tfsdk:"parameters" json:"parameters,omitempty"` } `tfsdk:"plugins" json:"plugins,omitempty"` @@ -5445,14 +5444,6 @@ func (r *PostgresqlCnpgIoClusterV1Manifest) Schema(_ context.Context, _ datasour MarkdownDescription: "The plugins configuration, containingany plugin to be loaded with the corresponding configuration", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ - "enabled": schema.BoolAttribute{ - Description: "Enabled is true if this plugin will be used", - MarkdownDescription: "Enabled is true if this plugin will be used", - Required: false, - Optional: true, - Computed: false, - }, - "name": schema.StringAttribute{ Description: "Name is the plugin name", MarkdownDescription: "Name is the plugin name", diff --git a/internal/provider/resources_teleport_dev_v2/resources_teleport_dev_teleport_provision_token_v2_manifest.go b/internal/provider/resources_teleport_dev_v2/resources_teleport_dev_teleport_provision_token_v2_manifest.go index fd46786df..8a6f114ab 100644 --- a/internal/provider/resources_teleport_dev_v2/resources_teleport_dev_teleport_provision_token_v2_manifest.go +++ b/internal/provider/resources_teleport_dev_v2/resources_teleport_dev_teleport_provision_token_v2_manifest.go @@ -139,7 +139,6 @@ type ResourcesTeleportDevTeleportProvisionTokenV2ManifestData struct { Workspace_name *string `tfsdk:"workspace_name" json:"workspace_name,omitempty"` } `tfsdk:"allow" json:"allow,omitempty"` Audience *string `tfsdk:"audience" json:"audience,omitempty"` - Hostname *string `tfsdk:"hostname" json:"hostname,omitempty"` } `tfsdk:"terraform_cloud" json:"terraform_cloud,omitempty"` Tpm *struct { Allow *[]struct { @@ -899,14 +898,6 @@ func (r *ResourcesTeleportDevTeleportProvisionTokenV2Manifest) Schema(_ context. Optional: true, Computed: false, }, - - "hostname": schema.StringAttribute{ - Description: "Hostname is the hostname of the Terraform Enterprise instance expected to issue JWTs allowed by this token. This may be unset for regular Terraform Cloud use, in which case it will be assumed to be 'app.terraform.io'. Otherwise, it must both match the 'iss' (issuer) field included in JWTs, and provide standard JWKS endpoints.", - MarkdownDescription: "Hostname is the hostname of the Terraform Enterprise instance expected to issue JWTs allowed by this token. This may be unset for regular Terraform Cloud use, in which case it will be assumed to be 'app.terraform.io'. Otherwise, it must both match the 'iss' (issuer) field included in JWTs, and provide standard JWKS endpoints.", - Required: false, - Optional: true, - Computed: false, - }, }, Required: false, Optional: true, diff --git a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.go b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.go index 1e96a5ad6..b4b2be1f0 100644 --- a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.go +++ b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.go @@ -3475,8 +3475,8 @@ func (r *SonataflowOrgSonataFlowPlatformV1Alpha08Manifest) Schema(_ context.Cont "migrate_db_on_start_up": schema.BoolAttribute{ Description: "Whether to migrate database on service startup?", MarkdownDescription: "Whether to migrate database on service startup?", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, @@ -11799,8 +11799,8 @@ func (r *SonataflowOrgSonataFlowPlatformV1Alpha08Manifest) Schema(_ context.Cont "migrate_db_on_start_up": schema.BoolAttribute{ Description: "Whether to migrate database on service startup?", MarkdownDescription: "Whether to migrate database on service startup?", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, diff --git a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go index 484095ec1..db7a55652 100644 --- a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go +++ b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go @@ -1968,8 +1968,8 @@ func (r *SonataflowOrgSonataFlowV1Alpha08Manifest) Schema(_ context.Context, _ d "migrate_db_on_start_up": schema.BoolAttribute{ Description: "Whether to migrate database on service startup?", MarkdownDescription: "Whether to migrate database on service startup?", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, }, diff --git a/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.go b/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.go index 90f69b054..a735f7d2b 100644 --- a/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.go +++ b/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.go @@ -593,9 +593,8 @@ type SparkoperatorK8SIoScheduledSparkApplicationV1Beta2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Protocol *string `tfsdk:"protocol" json:"protocol,omitempty"` } `tfsdk:"ports" json:"ports,omitempty"` - PriorityClassName *string `tfsdk:"priority_class_name" json:"priorityClassName,omitempty"` - SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` - Secrets *[]struct { + SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` + Secrets *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Path *string `tfsdk:"path" json:"path,omitempty"` SecretType *string `tfsdk:"secret_type" json:"secretType,omitempty"` @@ -1439,9 +1438,8 @@ type SparkoperatorK8SIoScheduledSparkApplicationV1Beta2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Protocol *string `tfsdk:"protocol" json:"protocol,omitempty"` } `tfsdk:"ports" json:"ports,omitempty"` - PriorityClassName *string `tfsdk:"priority_class_name" json:"priorityClassName,omitempty"` - SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` - Secrets *[]struct { + SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` + Secrets *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Path *string `tfsdk:"path" json:"path,omitempty"` SecretType *string `tfsdk:"secret_type" json:"secretType,omitempty"` @@ -5840,14 +5838,6 @@ func (r *SparkoperatorK8SIoScheduledSparkApplicationV1Beta2Manifest) Schema(_ co Computed: false, }, - "priority_class_name": schema.StringAttribute{ - Description: "PriorityClassName is the name of the PriorityClass for the driver pod.", - MarkdownDescription: "PriorityClassName is the name of the PriorityClass for the driver pod.", - Required: false, - Optional: true, - Computed: false, - }, - "scheduler_name": schema.StringAttribute{ Description: "SchedulerName specifies the scheduler that will be used for scheduling", MarkdownDescription: "SchedulerName specifies the scheduler that will be used for scheduling", @@ -11514,14 +11504,6 @@ func (r *SparkoperatorK8SIoScheduledSparkApplicationV1Beta2Manifest) Schema(_ co Computed: false, }, - "priority_class_name": schema.StringAttribute{ - Description: "PriorityClassName is the name of the PriorityClass for the executor pod.", - MarkdownDescription: "PriorityClassName is the name of the PriorityClass for the executor pod.", - Required: false, - Optional: true, - Computed: false, - }, - "scheduler_name": schema.StringAttribute{ Description: "SchedulerName specifies the scheduler that will be used for scheduling", MarkdownDescription: "SchedulerName specifies the scheduler that will be used for scheduling", diff --git a/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_spark_application_v1beta2_manifest.go b/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_spark_application_v1beta2_manifest.go index f2ea74623..3e8879ab9 100644 --- a/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_spark_application_v1beta2_manifest.go +++ b/internal/provider/sparkoperator_k8s_io_v1beta2/sparkoperator_k8s_io_spark_application_v1beta2_manifest.go @@ -587,9 +587,8 @@ type SparkoperatorK8SIoSparkApplicationV1Beta2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Protocol *string `tfsdk:"protocol" json:"protocol,omitempty"` } `tfsdk:"ports" json:"ports,omitempty"` - PriorityClassName *string `tfsdk:"priority_class_name" json:"priorityClassName,omitempty"` - SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` - Secrets *[]struct { + SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` + Secrets *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Path *string `tfsdk:"path" json:"path,omitempty"` SecretType *string `tfsdk:"secret_type" json:"secretType,omitempty"` @@ -1433,9 +1432,8 @@ type SparkoperatorK8SIoSparkApplicationV1Beta2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Protocol *string `tfsdk:"protocol" json:"protocol,omitempty"` } `tfsdk:"ports" json:"ports,omitempty"` - PriorityClassName *string `tfsdk:"priority_class_name" json:"priorityClassName,omitempty"` - SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` - Secrets *[]struct { + SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` + Secrets *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` Path *string `tfsdk:"path" json:"path,omitempty"` SecretType *string `tfsdk:"secret_type" json:"secretType,omitempty"` @@ -5789,14 +5787,6 @@ func (r *SparkoperatorK8SIoSparkApplicationV1Beta2Manifest) Schema(_ context.Con Computed: false, }, - "priority_class_name": schema.StringAttribute{ - Description: "PriorityClassName is the name of the PriorityClass for the driver pod.", - MarkdownDescription: "PriorityClassName is the name of the PriorityClass for the driver pod.", - Required: false, - Optional: true, - Computed: false, - }, - "scheduler_name": schema.StringAttribute{ Description: "SchedulerName specifies the scheduler that will be used for scheduling", MarkdownDescription: "SchedulerName specifies the scheduler that will be used for scheduling", @@ -11463,14 +11453,6 @@ func (r *SparkoperatorK8SIoSparkApplicationV1Beta2Manifest) Schema(_ context.Con Computed: false, }, - "priority_class_name": schema.StringAttribute{ - Description: "PriorityClassName is the name of the PriorityClass for the executor pod.", - MarkdownDescription: "PriorityClassName is the name of the PriorityClass for the executor pod.", - Required: false, - Optional: true, - Computed: false, - }, - "scheduler_name": schema.StringAttribute{ Description: "SchedulerName specifies the scheduler that will be used for scheduling", MarkdownDescription: "SchedulerName specifies the scheduler that will be used for scheduling", diff --git a/internal/provider/submariner_io_v1alpha1/submariner_io_broker_v1alpha1_manifest.go b/internal/provider/submariner_io_v1alpha1/submariner_io_broker_v1alpha1_manifest.go index 4d148c941..12441f1e7 100644 --- a/internal/provider/submariner_io_v1alpha1/submariner_io_broker_v1alpha1_manifest.go +++ b/internal/provider/submariner_io_v1alpha1/submariner_io_broker_v1alpha1_manifest.go @@ -43,8 +43,6 @@ type SubmarinerIoBrokerV1Alpha1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - ClustersetIPCIDRRange *string `tfsdk:"clusterset_ipcidr_range" json:"clustersetIPCIDRRange,omitempty"` - ClustersetIPEnabled *bool `tfsdk:"clusterset_ip_enabled" json:"clustersetIPEnabled,omitempty"` Components *[]string `tfsdk:"components" json:"components,omitempty"` DefaultCustomDomains *[]string `tfsdk:"default_custom_domains" json:"defaultCustomDomains,omitempty"` DefaultGlobalnetClusterSize *int64 `tfsdk:"default_globalnet_cluster_size" json:"defaultGlobalnetClusterSize,omitempty"` @@ -130,22 +128,6 @@ func (r *SubmarinerIoBrokerV1Alpha1Manifest) Schema(_ context.Context, _ datasou Description: "BrokerSpec defines the desired state of Broker.", MarkdownDescription: "BrokerSpec defines the desired state of Broker.", Attributes: map[string]schema.Attribute{ - "clusterset_ipcidr_range": schema.StringAttribute{ - Description: "ClustersetIP supernet range for allocating ClustersetIPCIDRs to each cluster.", - MarkdownDescription: "ClustersetIP supernet range for allocating ClustersetIPCIDRs to each cluster.", - Required: false, - Optional: true, - Computed: false, - }, - - "clusterset_ip_enabled": schema.BoolAttribute{ - Description: "Enable ClustersetIP default for connecting clusters.", - MarkdownDescription: "Enable ClustersetIP default for connecting clusters.", - Required: false, - Optional: true, - Computed: false, - }, - "components": schema.ListAttribute{ Description: "List of the components to be installed - any of [service-discovery, connectivity].", MarkdownDescription: "List of the components to be installed - any of [service-discovery, connectivity].", diff --git a/internal/provider/submariner_io_v1alpha1/submariner_io_service_discovery_v1alpha1_manifest.go b/internal/provider/submariner_io_v1alpha1/submariner_io_service_discovery_v1alpha1_manifest.go index 08ff9db82..af32a0cdc 100644 --- a/internal/provider/submariner_io_v1alpha1/submariner_io_service_discovery_v1alpha1_manifest.go +++ b/internal/provider/submariner_io_v1alpha1/submariner_io_service_discovery_v1alpha1_manifest.go @@ -50,8 +50,6 @@ type SubmarinerIoServiceDiscoveryV1Alpha1ManifestData struct { BrokerK8sRemoteNamespace *string `tfsdk:"broker_k8s_remote_namespace" json:"brokerK8sRemoteNamespace,omitempty"` BrokerK8sSecret *string `tfsdk:"broker_k8s_secret" json:"brokerK8sSecret,omitempty"` ClusterID *string `tfsdk:"cluster_id" json:"clusterID,omitempty"` - ClustersetIPCIDR *string `tfsdk:"clusterset_ipcidr" json:"clustersetIPCIDR,omitempty"` - ClustersetIPEnabled *bool `tfsdk:"clusterset_ip_enabled" json:"clustersetIPEnabled,omitempty"` CoreDNSCustomConfig *struct { ConfigMapName *string `tfsdk:"config_map_name" json:"configMapName,omitempty"` Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` @@ -208,22 +206,6 @@ func (r *SubmarinerIoServiceDiscoveryV1Alpha1Manifest) Schema(_ context.Context, Computed: false, }, - "clusterset_ipcidr": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - - "clusterset_ip_enabled": schema.BoolAttribute{ - Description: "", - MarkdownDescription: "", - Required: false, - Optional: true, - Computed: false, - }, - "core_dns_custom_config": schema.SingleNestedAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/submariner_io_v1alpha1/submariner_io_submariner_v1alpha1_manifest.go b/internal/provider/submariner_io_v1alpha1/submariner_io_submariner_v1alpha1_manifest.go index b4e0513bf..a27ad9d47 100644 --- a/internal/provider/submariner_io_v1alpha1/submariner_io_submariner_v1alpha1_manifest.go +++ b/internal/provider/submariner_io_v1alpha1/submariner_io_submariner_v1alpha1_manifest.go @@ -61,8 +61,6 @@ type SubmarinerIoSubmarinerV1Alpha1ManifestData struct { CeIPSecPreferredServer *bool `tfsdk:"ce_ip_sec_preferred_server" json:"ceIPSecPreferredServer,omitempty"` ClusterCIDR *string `tfsdk:"cluster_cidr" json:"clusterCIDR,omitempty"` ClusterID *string `tfsdk:"cluster_id" json:"clusterID,omitempty"` - ClustersetIPCIDR *string `tfsdk:"clusterset_ipcidr" json:"clustersetIPCIDR,omitempty"` - ClustersetIPEnabled *bool `tfsdk:"clusterset_ip_enabled" json:"clustersetIPEnabled,omitempty"` ColorCodes *string `tfsdk:"color_codes" json:"colorCodes,omitempty"` ConnectionHealthCheck *struct { Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` @@ -317,22 +315,6 @@ func (r *SubmarinerIoSubmarinerV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, - "clusterset_ipcidr": schema.StringAttribute{ - Description: "ClustersetIP CIDR for allocating ClustersetIPs to exported services.", - MarkdownDescription: "ClustersetIP CIDR for allocating ClustersetIPs to exported services.", - Required: false, - Optional: true, - Computed: false, - }, - - "clusterset_ip_enabled": schema.BoolAttribute{ - Description: "Enable ClustersetIP default for services exported on this cluster.", - MarkdownDescription: "Enable ClustersetIP default for services exported on this cluster.", - Required: false, - Optional: true, - Computed: false, - }, - "color_codes": schema.StringAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/volsync_backube_v1alpha1/volsync_backube_replication_destination_v1alpha1_manifest.go b/internal/provider/volsync_backube_v1alpha1/volsync_backube_replication_destination_v1alpha1_manifest.go index 94e6c3f4e..cb1ae241f 100644 --- a/internal/provider/volsync_backube_v1alpha1/volsync_backube_replication_destination_v1alpha1_manifest.go +++ b/internal/provider/volsync_backube_v1alpha1/volsync_backube_replication_destination_v1alpha1_manifest.go @@ -250,9 +250,8 @@ type VolsyncBackubeReplicationDestinationV1Alpha1ManifestData struct { Key *string `tfsdk:"key" json:"key,omitempty"` SecretName *string `tfsdk:"secret_name" json:"secretName,omitempty"` } `tfsdk:"custom_ca" json:"customCA,omitempty"` - DestinationPVC *string `tfsdk:"destination_pvc" json:"destinationPVC,omitempty"` - EnableFileDeletion *bool `tfsdk:"enable_file_deletion" json:"enableFileDeletion,omitempty"` - MoverAffinity *struct { + DestinationPVC *string `tfsdk:"destination_pvc" json:"destinationPVC,omitempty"` + MoverAffinity *struct { NodeAffinity *struct { PreferredDuringSchedulingIgnoredDuringExecution *[]struct { Preference *struct { @@ -2129,14 +2128,6 @@ func (r *VolsyncBackubeReplicationDestinationV1Alpha1Manifest) Schema(_ context. Computed: false, }, - "enable_file_deletion": schema.BoolAttribute{ - Description: "enableFileDeletion will pass the --delete flag to the restic restore command.This will remove files and directories in the pvc that do not exist in the snapshot being restored.Defaults to false.", - MarkdownDescription: "enableFileDeletion will pass the --delete flag to the restic restore command.This will remove files and directories in the pvc that do not exist in the snapshot being restored.Defaults to false.", - Required: false, - Optional: true, - Computed: false, - }, - "mover_affinity": schema.SingleNestedAttribute{ Description: "MoverAffinity allows specifying the PodAffinity that will be used by the data mover", MarkdownDescription: "MoverAffinity allows specifying the PodAffinity that will be used by the data mover", diff --git a/internal/provider/vpcresources_k8s_aws_v1alpha1/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.go b/internal/provider/vpcresources_k8s_aws_v1alpha1/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.go index 2bcdef4c4..b3ebcf018 100644 --- a/internal/provider/vpcresources_k8s_aws_v1alpha1/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.go +++ b/internal/provider/vpcresources_k8s_aws_v1alpha1/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.go @@ -112,8 +112,8 @@ func (r *VpcresourcesK8SAwsCninodeV1Alpha1Manifest) Schema(_ context.Context, _ }, "spec": schema.SingleNestedAttribute{ - Description: "Important: Run 'make' to regenerate code after modifying this fileCNINodeSpec defines the desired state of CNINode", - MarkdownDescription: "Important: Run 'make' to regenerate code after modifying this fileCNINodeSpec defines the desired state of CNINode", + Description: "Important: Run 'make' to regenerate code after modifying this file CNINodeSpec defines the desired state of CNINode", + MarkdownDescription: "Important: Run 'make' to regenerate code after modifying this file CNINodeSpec defines the desired state of CNINode", Attributes: map[string]schema.Attribute{ "features": schema.ListNestedAttribute{ Description: "", diff --git a/internal/provider/vpcresources_k8s_aws_v1beta1/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.go b/internal/provider/vpcresources_k8s_aws_v1beta1/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.go index 721f0945c..63eff1dd4 100644 --- a/internal/provider/vpcresources_k8s_aws_v1beta1/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.go +++ b/internal/provider/vpcresources_k8s_aws_v1beta1/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.go @@ -143,8 +143,8 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. MarkdownDescription: "SecurityGroupPolicySpec defines the desired state of SecurityGroupPolicy", Attributes: map[string]schema.Attribute{ "pod_selector": schema.SingleNestedAttribute{ - Description: "A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects.", - MarkdownDescription: "A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects.", + Description: "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + MarkdownDescription: "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -160,16 +160,16 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -183,8 +183,8 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -215,8 +215,8 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. }, "service_account_selector": schema.SingleNestedAttribute{ - Description: "A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects.", - MarkdownDescription: "A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects.", + Description: "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + MarkdownDescription: "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -232,16 +232,16 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -255,8 +255,8 @@ func (r *VpcresourcesK8SAwsSecurityGroupPolicyV1Beta1Manifest) Schema(_ context. }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, From 4e6475b48ffb2f44d6c1827006c00c36f8202288 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Ho=C3=9F?= Date: Fri, 13 Sep 2024 16:35:39 +0200 Subject: [PATCH 4/5] format examples MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sebastian Hoß --- .../data-source.tf | 2 +- .../data-source.tf | 2 +- .../data-source.tf | 2 +- .../data-source.tf | 2 +- .../data-source.tf | 12 ++++++------ .../data-source.tf | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf index f32371db4..e787199de 100644 --- a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2_manifest/data-source.tf @@ -5,6 +5,6 @@ data "k8s_kyverno_io_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" - match = {} + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf index 7938e3c4a..f7b9d6045 100644 --- a/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cleanup_policy_v2beta1_manifest/data-source.tf @@ -5,6 +5,6 @@ data "k8s_kyverno_io_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" - match = {} + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf index 6d12a9115..9b215c331 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2_manifest/data-source.tf @@ -4,6 +4,6 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" - match = {} + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf index 7461aee7a..eeac1d9d8 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest/data-source.tf @@ -4,6 +4,6 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" - match = {} + match = {} } } diff --git a/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf b/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf index ea0cfd211..0a19af0e6 100644 --- a/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf +++ b/examples/data-sources/k8s_kyverno_io_cluster_policy_v1_manifest/data-source.tf @@ -5,7 +5,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { @@ -33,7 +33,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "int_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { @@ -61,7 +61,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "bool_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { @@ -89,7 +89,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "array_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { @@ -117,7 +117,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "map_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { @@ -145,7 +145,7 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "mixed_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" match = {} context = [ { diff --git a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf index 8ca046673..823273edc 100644 --- a/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf +++ b/examples/data-sources/k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest/data-source.tf @@ -4,7 +4,7 @@ data "k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest" "example" { namespace = "some-namespace" } spec = { - type = "generic" + type = "generic" resources = [] secret_ref = { name = "some-secret" From c4186acc687744f3f1881dcf53f738b367301b13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Ho=C3=9F?= Date: Fri, 13 Sep 2024 16:37:15 +0200 Subject: [PATCH 5/5] re-generate docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sebastian Hoß --- ...ane_io_composition_revision_v1_manifest.md | 2 +- ...o_composition_revision_v1beta1_manifest.md | 2 +- ...net_io_feed_inventory_v1alpha1_manifest.md | 16 +- ...ernet_io_subscription_v1alpha1_manifest.md | 2 +- ...io_cluster_definition_v1alpha1_manifest.md | 2 +- ...kubeblocks_io_cluster_v1alpha1_manifest.md | 6 +- ..._component_definition_v1alpha1_manifest.md | 15 +- ..._io_component_version_v1alpha1_manifest.md | 2 +- ...ocks_io_configuration_v1alpha1_manifest.md | 3 +- ...spike_com_aerospike_cluster_v1_manifest.md | 1304 ++++++++--------- ..._com_aerospike_cluster_v1beta1_manifest.md | 1294 ++++++++-------- ...he_org_integration_platform_v1_manifest.md | 2 +- ...che_org_integration_profile_v1_manifest.md | 2 +- ...amel_apache_org_integration_v1_manifest.md | 2 +- ...e_org_kamelet_binding_v1alpha1_manifest.md | 2 +- .../camel_apache_org_pipe_v1_manifest.md | 2 +- ...h_rook_io_ceph_object_store_v1_manifest.md | 26 +- ...ph_rook_io_ceph_object_zone_v1_manifest.md | 24 +- ...um_bgp_peering_policy_v2alpha1_manifest.md | 74 +- ..._io_cilium_cidr_group_v2alpha1_manifest.md | 10 +- ...um_clusterwide_envoy_config_v2_manifest.md | 31 +- ..._clusterwide_network_policy_v2_manifest.md | 780 +++++----- ...ilium_egress_gateway_policy_v2_manifest.md | 34 +- ...cilium_endpoint_slice_v2alpha1_manifest.md | 10 +- ...lium_io_cilium_envoy_config_v2_manifest.md | 31 +- ...io_cilium_external_workload_v2_manifest.md | 8 +- .../cilium_io_cilium_identity_v2_manifest.md | 4 +- ...2_announcement_policy_v2alpha1_manifest.md | 24 +- ...load_balancer_ip_pool_v2alpha1_manifest.md | 21 +- ...ilium_local_redirect_policy_v2_manifest.md | 46 +- ...um_io_cilium_network_policy_v2_manifest.md | 780 +++++----- .../cilium_io_cilium_node_v2_manifest.md | 84 +- ...io_cilium_pod_ip_pool_v2alpha1_manifest.md | 6 +- ...ico_org_felix_configuration_v1_manifest.md | 4 +- ...ctcalico_org_ip_reservation_v1_manifest.md | 2 +- ...vices_k8s_aws_cluster_v1alpha1_manifest.md | 2 +- ...s_ingress_class_params_v1beta1_manifest.md | 2 +- ...serv_io_flow_collector_v1beta1_manifest.md | 35 +- ...serv_io_flow_collector_v1beta2_manifest.md | 93 +- ...ent_io_cluster_output_v1alpha2_manifest.md | 60 - ...tbit_fluent_io_output_v1alpha2_manifest.md | 60 - ...klift_konveyor_io_plan_v1beta1_manifest.md | 2 +- ...nginx_org_nginx_proxy_v1alpha1_manifest.md | 20 - .../gateway_solo_io_gateway_v1_manifest.md | 8 - ...o_io_matchable_http_gateway_v1_manifest.md | 4 - ...ateway_solo_io_route_option_v1_manifest.md | 62 - ...gateway_solo_io_route_table_v1_manifest.md | 62 - ...solo_io_virtual_host_option_v1_manifest.md | 3 - ...way_solo_io_virtual_service_v1_manifest.md | 65 - .../gloo_solo_io_upstream_v1_manifest.md | 28 - ...e_openshift_io_machine_pool_v1_manifest.md | 1 - ...cd_io_image_repository_v1beta1_manifest.md | 7 +- ...cd_io_image_repository_v1beta2_manifest.md | 16 +- ...mage_update_automation_v1beta1_manifest.md | 2 +- ...mage_update_automation_v1beta2_manifest.md | 2 +- ..._mariadb_com_maria_db_v1alpha1_manifest.md | 1 - ...ueue_x_k8s_io_workload_v1beta1_manifest.md | 127 +- .../kyverno_io_cleanup_policy_v2_manifest.md | 369 +++-- ...erno_io_cleanup_policy_v2beta1_manifest.md | 369 +++-- ...o_io_cluster_cleanup_policy_v2_manifest.md | 369 +++-- ...cluster_cleanup_policy_v2beta1_manifest.md | 369 +++-- .../kyverno_io_cluster_policy_v1_manifest.md | 818 +++++------ ...erno_io_cluster_policy_v2beta1_manifest.md | 416 +++--- ..._global_context_entry_v2alpha1_manifest.md | 10 - .../kyverno_io_policy_v1_manifest.md | 800 +++++----- .../kyverno_io_policy_v2beta1_manifest.md | 416 +++--- ...ervices_k8s_aws_alias_v1alpha1_manifest.md | 1 - ..._event_source_mapping_v1alpha1_manifest.md | 3 - ...s_function_url_config_v1alpha1_manifest.md | 1 - ...ices_k8s_aws_function_v1alpha1_manifest.md | 5 - ...vices_k8s_aws_version_v1alpha1_manifest.md | 1 - ...loki_grafana_com_loki_stack_v1_manifest.md | 113 -- ...m_alertmanager_config_v1alpha1_manifest.md | 132 +- ...om_alertmanager_config_v1beta1_manifest.md | 132 +- ...ing_coreos_com_alertmanager_v1_manifest.md | 11 +- ...ring_coreos_com_pod_monitor_v1_manifest.md | 6 +- ...monitoring_coreos_com_probe_v1_manifest.md | 6 +- ..._com_prometheus_agent_v1alpha1_manifest.md | 12 +- ...oring_coreos_com_prometheus_v1_manifest.md | 24 +- ...eos_com_scrape_config_v1alpha1_manifest.md | 186 +-- ..._coreos_com_service_monitor_v1_manifest.md | 6 +- ...o_cluster_info_import_v1alpha1_manifest.md | 2 +- ...ea_io_resource_export_v1alpha1_manifest.md | 2 +- ...ea_io_resource_import_v1alpha1_manifest.md | 2 +- ...oolkit_fluxcd_io_alert_v1beta1_manifest.md | 2 +- ...kit_fluxcd_io_receiver_v1beta1_manifest.md | 7 +- ...kit_fluxcd_io_receiver_v1beta2_manifest.md | 5 +- ...tigera_io_application_layer_v1_manifest.md | 1 - ...ator_tigera_io_installation_v1_manifest.md | 2 +- ...gera_io_intrusion_detection_v1_manifest.md | 64 - ...org_eclipse_che_che_cluster_v2_manifest.md | 9 - ...cona_com_percona_pg_cluster_v2_manifest.md | 25 - .../postgresql_cnpg_io_cluster_v1_manifest.md | 1 - ...ev_teleport_provision_token_v2_manifest.md | 1 - ...sonata_flow_platform_v1alpha08_manifest.md | 10 +- ...flow_org_sonata_flow_v1alpha08_manifest.md | 5 +- ...uled_spark_application_v1beta2_manifest.md | 2 - ...s_io_spark_application_v1beta2_manifest.md | 2 - .../submariner_io_broker_v1alpha1_manifest.md | 2 - ..._io_service_discovery_v1alpha1_manifest.md | 2 - ...mariner_io_submariner_v1alpha1_manifest.md | 2 - ...plication_destination_v1alpha1_manifest.md | 1 - ...rces_k8s_aws_cni_node_v1alpha1_manifest.md | 2 +- ..._security_group_policy_v1beta1_manifest.md | 16 +- 104 files changed, 4513 insertions(+), 5548 deletions(-) diff --git a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md index a643f9696..803eccccf 100644 --- a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md +++ b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md @@ -55,7 +55,7 @@ Optional: Required: - `composite_type_ref` (Attributes) CompositeTypeRef specifies the type of composite resource that thiscomposition is compatible with. (see [below for nested schema](#nestedatt--spec--composite_type_ref)) -- `revision` (Number) Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2. +- `revision` (Number) Revision number. Newer revisions have larger numbers. Optional: diff --git a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md index fd3e11f9d..bca05449f 100644 --- a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md +++ b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md @@ -55,7 +55,7 @@ Optional: Required: - `composite_type_ref` (Attributes) CompositeTypeRef specifies the type of composite resource that thiscomposition is compatible with. (see [below for nested schema](#nestedatt--spec--composite_type_ref)) -- `revision` (Number) Revision number. Newer revisions have larger numbers.This number can change. When a Composition transitions from state A-> B -> A there will be only two CompositionRevisions. Crossplane willedit the original CompositionRevision to change its revision number from0 to 2. +- `revision` (Number) Revision number. Newer revisions have larger numbers. Optional: diff --git a/docs/data-sources/apps_clusternet_io_feed_inventory_v1alpha1_manifest.md b/docs/data-sources/apps_clusternet_io_feed_inventory_v1alpha1_manifest.md index 3b3bcc6c9..16d2fd399 100644 --- a/docs/data-sources/apps_clusternet_io_feed_inventory_v1alpha1_manifest.md +++ b/docs/data-sources/apps_clusternet_io_feed_inventory_v1alpha1_manifest.md @@ -214,8 +214,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -275,8 +275,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -352,8 +352,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -413,8 +413,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--feeds--replica_requirements--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. diff --git a/docs/data-sources/apps_clusternet_io_subscription_v1alpha1_manifest.md b/docs/data-sources/apps_clusternet_io_subscription_v1alpha1_manifest.md index 98f3f7506..82b680e46 100644 --- a/docs/data-sources/apps_clusternet_io_subscription_v1alpha1_manifest.md +++ b/docs/data-sources/apps_clusternet_io_subscription_v1alpha1_manifest.md @@ -220,7 +220,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--dividing_scheduling--dynamic_dividing--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md index 973f51d5d..cf780a0c2 100644 --- a/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md @@ -74,7 +74,7 @@ Optional: Required: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.The system selects the ComponentDefinition CR with the latest version that matches the pattern.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a name prefix or regular expression pattern.Once set, this field cannot be updated. +- `comp_def` (String) Specifies the name or prefix of the ComponentDefinition custom resource(CR) thatdefines the Component's characteristics and behavior.When a prefix is used, the system selects the ComponentDefinition CR with the latest version that matches the prefix.This approach allows:1. Precise selection by providing the exact name of a ComponentDefinition CR.2. Flexible and automatic selection of the most up-to-date ComponentDefinition CR by specifying a prefix.Once set, this field cannot be updated. - `name` (String) Defines the unique identifier of the component within the cluster topology.It follows IANA Service naming rules and is used as part of the Service's DNS name.The name must start with a lowercase letter, can contain lowercase letters, numbers,and hyphens, and must end with a lowercase letter or number.Cannot be updated once set. diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md index 4e3cea79f..7a6cc2788 100644 --- a/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md @@ -55,7 +55,7 @@ Optional: Required: -- `termination_policy` (String) Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations. Warning: Halt policy is deprecated in 0.9.1 and will have same meaning as DoNotTerminate.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature. +- `termination_policy` (String) Specifies the behavior when a Cluster is deleted.It defines how resources, data, and backups associated with a Cluster are managed during termination.Choose a policy based on the desired level of resource cleanup and data preservation:- 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact.- 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations.- 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data.- 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss.Warning: Choosing an inappropriate termination policy can result in data loss.The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature. Optional: @@ -116,7 +116,7 @@ Optional: - `affinity` (Attributes) Specifies a group of affinity scheduling rules for the Component.It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster.Deprecated since v0.10, replaced by the 'schedulingPolicy' field. (see [below for nested schema](#nestedatt--spec--component_specs--affinity)) - `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods. -- `component_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'. +- `component_def` (String) References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'. - `component_def_ref` (String) References a ClusterComponentDefinition defined in the 'clusterDefinition.spec.componentDef' field.Must comply with the IANA service naming rule.Deprecated since v0.9,because defining Components in 'clusterDefinition.spec.componentDef' field has been deprecated.This field is replaced by the 'componentDef' field, use 'componentDef' instead.This field is maintained for backward compatibility and its use is discouraged.Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.TODO +kubebuilder:validation:XValidation:rule='self == oldSelf',message='componentDefRef is immutable' - `configs` (Attributes List) Specifies the configuration content of a config template. (see [below for nested schema](#nestedatt--spec--component_specs--configs)) - `disable_exporter` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service.If set to true, the following annotations will not be patched into the Service:- 'monitor.kubeblocks.io/path'- 'monitor.kubeblocks.io/port'- 'monitor.kubeblocks.io/scheme'These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. @@ -3688,7 +3688,7 @@ Optional: - `affinity` (Attributes) Specifies a group of affinity scheduling rules for the Component.It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster.Deprecated since v0.10, replaced by the 'schedulingPolicy' field. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--affinity)) - `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods. -- `component_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) that defines the Component's characteristics and behavior.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'. +- `component_def` (String) References the name of a ComponentDefinition object.The ComponentDefinition specifies the behavior and characteristics of the Component.If both 'componentDefRef' and 'componentDef' are provided,the 'componentDef' will take precedence over 'componentDefRef'. - `component_def_ref` (String) References a ClusterComponentDefinition defined in the 'clusterDefinition.spec.componentDef' field.Must comply with the IANA service naming rule.Deprecated since v0.9,because defining Components in 'clusterDefinition.spec.componentDef' field has been deprecated.This field is replaced by the 'componentDef' field, use 'componentDef' instead.This field is maintained for backward compatibility and its use is discouraged.Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.TODO +kubebuilder:validation:XValidation:rule='self == oldSelf',message='componentDefRef is immutable' - `configs` (Attributes List) Specifies the configuration content of a config template. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--configs)) - `disable_exporter` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service.If set to true, the following annotations will not be patched into the Service:- 'monitor.kubeblocks.io/path'- 'monitor.kubeblocks.io/port'- 'monitor.kubeblocks.io/scheme'These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. diff --git a/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md index 840ab8888..831ac49c1 100644 --- a/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md @@ -3376,11 +3376,11 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. +- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: - `as_env_from` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables.This is useful when application images accept parameters through environment variables andgenerate the final configuration file in the startup script based on these variables.This field allows users to specify a list of container names, and KubeBlocks will inject the environmentvariables converted from the ConfigMap into these designated containers. This provides a flexible way topass the configuration items from the ConfigMap to the container without modifying the image.Deprecated: 'asEnvFrom' has been deprecated since 0.9.0 and will be removed in 0.10.0.Use 'injectEnvTo' instead. -- `as_secret` (Boolean) Whether to store the final rendered parameters as a secret. - `constraint_ref` (String) Specifies the name of the referenced configuration constraints object. - `default_mode` (Number) The operator attempts to set default file permissions for scripts (0555) and configurations (0444).However, certain database engines may require different file permissions.You can specify the desired file permissions here.Must be specified as an octal value between 0000 and 0777 (inclusive),or as a decimal value between 0 and 511 (inclusive).YAML supports both octal and decimal values for file permissions.Please note that this setting only affects the permissions of the files themselves.Directories within the specified path are not impacted by this setting.It's important to be aware that this setting might conflict with other optionsthat influence the file mode, such as fsGroup.In such cases, the resulting file mode may have additional bits set.Refers to documents of k8s.ConfigMapVolumeSource.defaultMode for more information. - `inject_env_to` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables.This is useful when application images accept parameters through environment variables andgenerate the final configuration file in the startup script based on these variables.This field allows users to specify a list of container names, and KubeBlocks will inject the environmentvariables converted from the ConfigMap into these designated containers. This provides a flexible way topass the configuration items from the ConfigMap to the container without modifying the image. @@ -3389,7 +3389,6 @@ Optional: - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object.An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes.In some scenarios, the configuration may need to be updated to reflect the changes in resource allocationor cluster topology. Examples:- Redis: adjust maxmemory after v-scale operation.- MySQL: increase max connections after v-scale operation.- Zookeeper: update zoo.cfg with new node addresses after h-scale operation. - `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. -- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. ### Nested Schema for `spec.configs.legacy_rendered_config_spec` @@ -4817,13 +4816,13 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. +- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: - `default_mode` (Number) The operator attempts to set default file permissions for scripts (0555) and configurations (0444).However, certain database engines may require different file permissions.You can specify the desired file permissions here.Must be specified as an octal value between 0000 and 0777 (inclusive),or as a decimal value between 0 and 511 (inclusive).YAML supports both octal and decimal values for file permissions.Please note that this setting only affects the permissions of the files themselves.Directories within the specified path are not impacted by this setting.It's important to be aware that this setting might conflict with other optionsthat influence the file mode, such as fsGroup.In such cases, the resulting file mode may have additional bits set.Refers to documents of k8s.ConfigMapVolumeSource.defaultMode for more information. - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object.An empty namespace is equivalent to the 'default' namespace. - `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. -- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. @@ -5001,7 +5000,7 @@ Optional: Optional: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used. +- `comp_def` (String) CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used. - `component_name` (String) Reference to the name of the Component object. - `multiple_cluster_object_option` (Attributes) This option defines the behavior when multiple component objects match the specified @CompDef.If not provided, an error will be raised when handling multiple matches. (see [below for nested schema](#nestedatt--spec--vars--value_from--component_var_ref--multiple_cluster_object_option)) - `name` (String) Name of the referent object. @@ -5081,7 +5080,7 @@ Optional: Optional: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used. +- `comp_def` (String) CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used. - `multiple_cluster_object_option` (Attributes) This option defines the behavior when multiple component objects match the specified @CompDef.If not provided, an error will be raised when handling multiple matches. (see [below for nested schema](#nestedatt--spec--vars--value_from--credential_var_ref--multiple_cluster_object_option)) - `name` (String) Name of the referent object. - `optional` (Boolean) Specify whether the object must be defined. @@ -5125,7 +5124,7 @@ Required: Optional: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used. +- `comp_def` (String) CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used. - `container` (Attributes) ContainerVars defines the vars that can be referenced from a Container. (see [below for nested schema](#nestedatt--spec--vars--value_from--host_network_var_ref--container)) - `multiple_cluster_object_option` (Attributes) This option defines the behavior when multiple component objects match the specified @CompDef.If not provided, an error will be raised when handling multiple matches. (see [below for nested schema](#nestedatt--spec--vars--value_from--host_network_var_ref--multiple_cluster_object_option)) - `name` (String) Name of the referent object. @@ -5202,7 +5201,7 @@ Optional: Optional: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used. +- `comp_def` (String) CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used. - `endpoint` (String) VarOption defines whether a variable is required or optional. - `host` (String) VarOption defines whether a variable is required or optional. - `multiple_cluster_object_option` (Attributes) This option defines the behavior when multiple component objects match the specified @CompDef.If not provided, an error will be raised when handling multiple matches. (see [below for nested schema](#nestedatt--spec--vars--value_from--service_ref_var_ref--multiple_cluster_object_option)) @@ -5249,7 +5248,7 @@ Required: Optional: -- `comp_def` (String) Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinitioncustom resource (CR) used by the component that the referent object resident in.If not specified, the component itself will be used. +- `comp_def` (String) CompDef specifies the definition used by the component that the referent object resident in.If not specified, the component itself will be used. - `host` (String) VarOption defines whether a variable is required or optional. - `load_balancer` (String) LoadBalancer represents the LoadBalancer ingress point of the service.If multiple ingress points are available, the first one will be used automatically, choosing between IP and Hostname. - `multiple_cluster_object_option` (Attributes) This option defines the behavior when multiple component objects match the specified @CompDef.If not provided, an error will be raised when handling multiple matches. (see [below for nested schema](#nestedatt--spec--vars--value_from--service_var_ref--multiple_cluster_object_option)) diff --git a/docs/data-sources/apps_kubeblocks_io_component_version_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_component_version_v1alpha1_manifest.md index c300a6c76..f38019758 100644 --- a/docs/data-sources/apps_kubeblocks_io_component_version_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_component_version_v1alpha1_manifest.md @@ -62,7 +62,7 @@ Required: Required: -- `comp_defs` (List of String) CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, a name prefix, or a regular expression pattern.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30'- '^mysql-8.0.d{1,2}$': Matches all names starting with 'mysql-8.0.' followed by one or two digits. +- `comp_defs` (List of String) CompDefs specifies names for the component definitions associated with this ComponentVersion.Each name in the list can represent an exact name, or a name prefix.For example:- 'mysql-8.0.30-v1alpha1': Matches the exact name 'mysql-8.0.30-v1alpha1'- 'mysql-8.0.30': Matches all names starting with 'mysql-8.0.30' - `releases` (List of String) Releases is a list of identifiers for the releases. diff --git a/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md index 745c688c3..7cbdaf72a 100644 --- a/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md @@ -92,11 +92,11 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. +- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: - `as_env_from` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables.This is useful when application images accept parameters through environment variables andgenerate the final configuration file in the startup script based on these variables.This field allows users to specify a list of container names, and KubeBlocks will inject the environmentvariables converted from the ConfigMap into these designated containers. This provides a flexible way topass the configuration items from the ConfigMap to the container without modifying the image.Deprecated: 'asEnvFrom' has been deprecated since 0.9.0 and will be removed in 0.10.0.Use 'injectEnvTo' instead. -- `as_secret` (Boolean) Whether to store the final rendered parameters as a secret. - `constraint_ref` (String) Specifies the name of the referenced configuration constraints object. - `default_mode` (Number) The operator attempts to set default file permissions for scripts (0555) and configurations (0444).However, certain database engines may require different file permissions.You can specify the desired file permissions here.Must be specified as an octal value between 0000 and 0777 (inclusive),or as a decimal value between 0 and 511 (inclusive).YAML supports both octal and decimal values for file permissions.Please note that this setting only affects the permissions of the files themselves.Directories within the specified path are not impacted by this setting.It's important to be aware that this setting might conflict with other optionsthat influence the file mode, such as fsGroup.In such cases, the resulting file mode may have additional bits set.Refers to documents of k8s.ConfigMapVolumeSource.defaultMode for more information. - `inject_env_to` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables.This is useful when application images accept parameters through environment variables andgenerate the final configuration file in the startup script based on these variables.This field allows users to specify a list of container names, and KubeBlocks will inject the environmentvariables converted from the ConfigMap into these designated containers. This provides a flexible way topass the configuration items from the ConfigMap to the container without modifying the image. @@ -105,7 +105,6 @@ Optional: - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object.An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes.In some scenarios, the configuration may need to be updated to reflect the changes in resource allocationor cluster topology. Examples:- Redis: adjust maxmemory after v-scale operation.- MySQL: increase max connections after v-scale operation.- Zookeeper: update zoo.cfg with new node addresses after h-scale operation. - `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. -- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configurationtemplate will be mounted to the corresponding volume. Must be a DNS_LABEL name.The volume name must be defined in podSpec.containers[*].volumeMounts. ### Nested Schema for `spec.config_item_details.config_spec.legacy_rendered_config_spec` diff --git a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md index b8a7f8e53..6c505ea3e 100644 --- a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md +++ b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md @@ -69,16 +69,16 @@ Optional: - `aerospike_access_control` (Attributes) Has the Aerospike roles and users definitions. Required if aerospike cluster security is enabled. (see [below for nested schema](#nestedatt--spec--aerospike_access_control)) - `aerospike_network_policy` (Attributes) AerospikeNetworkPolicy specifies how clients and tools access the Aerospike cluster. (see [below for nested schema](#nestedatt--spec--aerospike_network_policy)) - `disable_pdb` (Boolean) Disable the PodDisruptionBudget creation for the Aerospike cluster. -- `enable_dynamic_config_update` (Boolean) EnableDynamicConfigUpdate enables dynamic config update flow of the operator.If enabled, operator will try to update the Aerospike config dynamically.In case of inconsistent state during dynamic config update, operator falls back to rolling restart. -- `k8s_node_block_list` (List of String) K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled onthese nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance ofKubernetes nodes. -- `max_unavailable` (String) MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before applicationdisruption. This value is used to create PodDisruptionBudget. Defaults to 1.Refer Aerospike documentation for more details. +- `enable_dynamic_config_update` (Boolean) EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart. +- `k8s_node_block_list` (List of String) K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled on these nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance of Kubernetes nodes. +- `max_unavailable` (String) MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before application disruption. This value is used to create PodDisruptionBudget. Defaults to 1. Refer Aerospike documentation for more details. - `operations` (Attributes List) Operations is a list of on-demand operations to be performed on the Aerospike cluster. (see [below for nested schema](#nestedatt--spec--operations)) - `operator_client_cert` (Attributes) Certificates to connect to Aerospike. (see [below for nested schema](#nestedatt--spec--operator_client_cert)) - `paused` (Boolean) Paused flag is used to pause the reconciliation for the AerospikeCluster. - `pod_spec` (Attributes) Specify additional configuration for the Aerospike pods (see [below for nested schema](#nestedatt--spec--pod_spec)) -- `rack_config` (Attributes) RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration (see [below for nested schema](#nestedatt--spec--rack_config)) +- `rack_config` (Attributes) RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration (see [below for nested schema](#nestedatt--spec--rack_config)) - `roster_node_block_list` (List of String) RosterNodeBlockList is a list of blocked nodeIDs from roster in a strong-consistency setup -- `seeds_finder_services` (Attributes) SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes. (see [below for nested schema](#nestedatt--spec--seeds_finder_services)) +- `seeds_finder_services` (Attributes) SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes. (see [below for nested schema](#nestedatt--spec--seeds_finder_services)) - `storage` (Attributes) Storage specify persistent storage to use for the Aerospike pods (see [below for nested schema](#nestedatt--spec--storage)) - `validation_policy` (Attributes) ValidationPolicy controls validation of the Aerospike cluster resource. (see [below for nested schema](#nestedatt--spec--validation_policy)) @@ -101,7 +101,7 @@ Required: - `name` (String) Name is the user's username. - `roles` (List of String) Roles is the list of roles granted to the user. -- `secret_name` (String) SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password' +- `secret_name` (String) SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password' @@ -133,18 +133,18 @@ Optional: Optional: -- `access` (String) AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal. -- `alternate_access` (String) AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal. -- `custom_access_network_names` (List of String) CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type. -- `custom_alternate_access_network_names` (List of String) CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type -- `custom_fabric_network_names` (List of String) CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type -- `custom_tls_access_network_names` (List of String) CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type -- `custom_tls_alternate_access_network_names` (List of String) CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type -- `custom_tls_fabric_network_names` (List of String) CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type -- `fabric` (String) FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'. -- `tls_access` (String) TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal. -- `tls_alternate_access` (String) TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal. -- `tls_fabric` (String) TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'. +- `access` (String) AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal. +- `alternate_access` (String) AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal. +- `custom_access_network_names` (List of String) CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type. +- `custom_alternate_access_network_names` (List of String) CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type +- `custom_fabric_network_names` (List of String) CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type +- `custom_tls_access_network_names` (List of String) CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type +- `custom_tls_alternate_access_network_names` (List of String) CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type +- `custom_tls_fabric_network_names` (List of String) CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type +- `fabric` (String) FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'. +- `tls_access` (String) TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal. +- `tls_alternate_access` (String) TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal. +- `tls_fabric` (String) TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'. @@ -165,7 +165,7 @@ Optional: Optional: -- `cert_path_in_operator` (Attributes) AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem. (see [below for nested schema](#nestedatt--spec--operator_client_cert--cert_path_in_operator)) +- `cert_path_in_operator` (Attributes) AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem. (see [below for nested schema](#nestedatt--spec--operator_client_cert--cert_path_in_operator)) - `secret_cert_source` (Attributes) (see [below for nested schema](#nestedatt--spec--operator_client_cert--secret_cert_source)) - `tls_client_name` (String) If specified, this name will be added to tls-authenticate-client list by the operator @@ -213,19 +213,19 @@ Optional: Optional: -- `aerospike_container` (Attributes) AerospikeContainerSpec configures the aerospike-server containercreated by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container)) -- `aerospike_init_container` (Attributes) AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container)) +- `aerospike_container` (Attributes) AerospikeContainerSpec configures the aerospike-server container created by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container)) +- `aerospike_init_container` (Attributes) AerospikeInitContainerSpec configures the aerospike-init container created by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container)) - `affinity` (Attributes) Affinity rules for pod placement. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity)) -- `dns_config` (Attributes) DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None' (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config)) -- `dns_policy` (String) DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet +- `dns_config` (Attributes) DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None' (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config)) +- `dns_policy` (String) DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet - `effective_dns_policy` (String) Effective value of the DNSPolicy -- `host_network` (Boolean) HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false. -- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--pod_spec--image_pull_secrets)) +- `host_network` (Boolean) HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false. +- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--pod_spec--image_pull_secrets)) - `init_containers` (Attributes List) InitContainers to add to the pods. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers)) - `metadata` (Attributes) MetaData to add to the pod. (see [below for nested schema](#nestedatt--spec--pod_spec--metadata)) -- `multi_pod_per_host` (Boolean) If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod if aerospikeNetworkPolicy definedhas one of the network types: 'hostInternal', 'hostExternal', 'configuredIP'NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user. +- `multi_pod_per_host` (Boolean) If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod if aerospikeNetworkPolicy defined has one of the network types: 'hostInternal', 'hostExternal', 'configuredIP' NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user. - `node_selector` (Map of String) NodeSelector constraints for this pod. -- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context)) +- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context)) - `sidecars` (Attributes List) Sidecars to add to the pod. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars)) - `tolerations` (Attributes List) Tolerations for this pod. (see [below for nested schema](#nestedatt--spec--pod_spec--tolerations)) @@ -234,7 +234,7 @@ Optional: Optional: -- `resources` (Attributes) Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources)) +- `resources` (Attributes) Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources)) - `security_context` (Attributes) SecurityContext that will be added to aerospike-server container created by operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context)) @@ -242,16 +242,16 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.aerospike_container.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -260,17 +260,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.aerospike_container.security_context.capabilities` @@ -297,11 +297,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -309,10 +309,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -322,10 +322,8 @@ Optional: Optional: -- `image_name_and_tag` (String) ImageNameAndTag is the name:tag of aerospike-init container image -- `image_registry` (String) ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com -- `image_registry_namespace` (String) ImageRegistryNamespace is the name of namespace in registry for aerospike-init container image -- `resources` (Attributes) Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources)) +- `image_registry` (String) ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com +- `resources` (Attributes) Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources)) - `security_context` (Attributes) SecurityContext that will be added to aerospike-init container created by operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context)) @@ -333,16 +331,16 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.aerospike_init_container.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -351,17 +349,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.aerospike_init_container.security_context.capabilities` @@ -388,11 +386,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -400,10 +398,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -422,8 +420,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -447,11 +445,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -460,11 +458,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -490,11 +488,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -503,11 +501,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -518,8 +516,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -527,22 +525,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -550,7 +548,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -558,11 +556,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -572,7 +570,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -580,11 +578,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -595,15 +593,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -611,7 +609,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -619,11 +617,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -633,7 +631,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -641,11 +639,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -656,8 +654,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -665,22 +663,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -688,7 +686,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -696,11 +694,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -710,7 +708,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -718,11 +716,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -733,15 +731,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -749,7 +747,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -757,11 +755,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -771,7 +769,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -779,11 +777,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -795,9 +793,9 @@ Optional: Optional: -- `nameservers` (List of String) A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed. -- `options` (Attributes List) A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config--options)) -- `searches` (List of String) A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed. +- `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. +- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config--options)) +- `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. ### Nested Schema for `spec.pod_spec.dns_config.options` @@ -814,7 +812,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -822,33 +820,33 @@ Optional: Required: -- `name` (String) Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated. +- `name` (String) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. Optional: -- `args` (List of String) Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `command` (List of String) Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env_from)) -- `image` (String) Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets. -- `image_pull_policy` (String) Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe)) +- `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env_from)) +- `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +- `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe)) - `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources)) -- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe)) -- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false. -- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false -- `termination_message_path` (String) Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated. -- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated. -- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false. +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources)) +- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe)) +- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +- `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_mounts)) -- `working_dir` (String) Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated. +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_mounts)) +- `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. ### Nested Schema for `spec.pod_spec.init_containers.env` @@ -859,7 +857,7 @@ Required: Optional: -- `value` (String) Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''. +- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. - `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from)) @@ -868,8 +866,8 @@ Optional: Optional: - `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--resource_field_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--resource_field_ref)) - `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--secret_key_ref)) @@ -881,7 +879,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -919,7 +917,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -939,7 +937,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -948,7 +946,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret must be defined @@ -958,8 +956,8 @@ Optional: Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start` @@ -969,14 +967,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--tcp_socket)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -984,21 +982,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1016,7 +1014,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1032,14 +1030,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--tcp_socket)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.pre_stop.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1047,21 +1045,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.pre_stop.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1079,7 +1077,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1094,22 +1092,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.liveness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1121,7 +1119,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1129,21 +1127,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.liveness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1153,7 +1151,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1166,14 +1164,14 @@ Optional: Required: -- `container_port` (Number) Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536. +- `container_port` (Number) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. Optional: - `host_ip` (String) What host IP to bind the external port to. -- `host_port` (Number) Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this. -- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services. -- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'. +- `host_port` (Number) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. @@ -1182,22 +1180,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.readiness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1209,7 +1207,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1217,21 +1215,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.readiness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1241,7 +1239,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1254,8 +1252,8 @@ Optional: Required: -- `resource_name` (String) Name of the resource to which this resource resize policy applies.Supported values: cpu, memory. -- `restart_policy` (String) Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired. +- `resource_name` (String) Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +- `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. @@ -1263,16 +1261,16 @@ Required: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.init_containers.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -1281,17 +1279,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.init_containers.security_context.capabilities` @@ -1318,11 +1316,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -1330,10 +1328,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -1343,22 +1341,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.startup_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1370,7 +1368,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1378,21 +1376,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.startup_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1402,7 +1400,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1424,15 +1422,15 @@ Required: Required: -- `mount_path` (String) Path within the container at which the volume should be mounted. Mustnot contain ':'. +- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'. - `name` (String) This must match the Name of a Volume. Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -1450,16 +1448,16 @@ Optional: Optional: -- `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. -- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--seccomp_profile)) -- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows. -- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--sysctls)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--windows_options)) +- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. +- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--seccomp_profile)) +- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. +- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--sysctls)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.security_context.se_linux_options` @@ -1477,11 +1475,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -1498,10 +1496,10 @@ Required: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -1510,33 +1508,33 @@ Optional: Required: -- `name` (String) Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated. +- `name` (String) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. Optional: -- `args` (List of String) Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `command` (List of String) Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env_from)) -- `image` (String) Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets. -- `image_pull_policy` (String) Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe)) +- `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env_from)) +- `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +- `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe)) - `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources)) -- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe)) -- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false. -- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false -- `termination_message_path` (String) Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated. -- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated. -- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false. +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources)) +- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe)) +- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +- `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_mounts)) -- `working_dir` (String) Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated. +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_mounts)) +- `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. ### Nested Schema for `spec.pod_spec.sidecars.env` @@ -1547,7 +1545,7 @@ Required: Optional: -- `value` (String) Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''. +- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. - `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from)) @@ -1556,8 +1554,8 @@ Optional: Optional: - `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--resource_field_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--resource_field_ref)) - `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--secret_key_ref)) @@ -1569,7 +1567,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -1607,7 +1605,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -1627,7 +1625,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -1636,7 +1634,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret must be defined @@ -1646,8 +1644,8 @@ Optional: Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start` @@ -1657,14 +1655,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--tcp_socket)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1672,21 +1670,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1704,7 +1702,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1720,14 +1718,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--tcp_socket)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.pre_stop.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1735,21 +1733,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.pre_stop.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1767,7 +1765,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1782,22 +1780,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.liveness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1809,7 +1807,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1817,21 +1815,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.liveness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1841,7 +1839,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1854,14 +1852,14 @@ Optional: Required: -- `container_port` (Number) Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536. +- `container_port` (Number) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. Optional: - `host_ip` (String) What host IP to bind the external port to. -- `host_port` (Number) Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this. -- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services. -- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'. +- `host_port` (Number) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. @@ -1870,22 +1868,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.readiness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1897,7 +1895,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1905,21 +1903,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.readiness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1929,7 +1927,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1942,8 +1940,8 @@ Optional: Required: -- `resource_name` (String) Name of the resource to which this resource resize policy applies.Supported values: cpu, memory. -- `restart_policy` (String) Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired. +- `resource_name` (String) Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +- `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. @@ -1951,16 +1949,16 @@ Required: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.sidecars.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -1969,17 +1967,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.sidecars.security_context.capabilities` @@ -2006,11 +2004,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -2018,10 +2016,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -2031,22 +2029,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.startup_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -2058,7 +2056,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -2066,21 +2064,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.startup_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -2090,7 +2088,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -2112,15 +2110,15 @@ Required: Required: -- `mount_path` (String) Path within the container at which the volume should be mounted. Mustnot contain ':'. +- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'. - `name` (String) This must match the Name of a Volume. Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2129,11 +2127,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -2142,7 +2140,7 @@ Optional: Optional: -- `max_ignorable_pods` (String) MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored whileassessing cluster stability. Pods identified using this value are not considered part of the cluster.Additionally, in SC mode clusters, these pods are removed from the roster.This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues andcannot be fixed by simply updating the CR.It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations,without being hindered by these problematic pods.Remember to set MaxIgnorablePods back to 0 once the required operation is done.This makes sure that later on, all pods are properly counted when evaluating the cluster stability. +- `max_ignorable_pods` (String) MaxIgnorablePods is the maximum number/percentage of pending/failed pods in a rack that are ignored while assessing cluster stability. Pods identified using this value are not considered part of the cluster. Additionally, in SC mode clusters, these pods are removed from the roster. This is particularly useful when some pods are stuck in pending/failed state due to any scheduling issues and cannot be fixed by simply updating the CR. It enables the operator to perform specific operations on the cluster, like changing Aerospike configurations, without being hindered by these problematic pods. Remember to set MaxIgnorablePods back to 0 once the required operation is done. This makes sure that later on, all pods are properly counted when evaluating the cluster stability. - `namespaces` (List of String) List of Aerospike namespaces for which rack feature will be enabled - `racks` (Attributes List) Racks is the list of all racks (see [below for nested schema](#nestedatt--spec--rack_config--racks)) - `rolling_update_batch_size` (String) RollingUpdateBatchSize is the percentage/number of rack pods that can be restarted simultaneously @@ -2158,12 +2156,12 @@ Required: Optional: - `aerospike_config` (Map of String) AerospikeConfig overrides the common AerospikeConfig for this Rack. This is merged with global Aerospike config. -- `effective_aerospike_config` (Map of String) Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config +- `effective_aerospike_config` (Map of String) Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config - `effective_pod_spec` (Attributes) Effective/operative PodSpec. The resultant is user input if specified else global PodSpec (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec)) - `effective_storage` (Attributes) Effective/operative storage. The resultant is user input if specified else global storage (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage)) - `node_name` (String) K8s Node name for setting rack affinity. Rack pods will be deployed in given k8s Node - `pod_spec` (Attributes) PodSpec to use for the pods in this rack. This value overwrites the global storage config (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec)) -- `rack_label` (String) RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: } +- `rack_label` (String) RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: } - `region` (String) Region name for setting rack affinity. Rack pods will be deployed to given Region - `storage` (Attributes) Storage specify persistent storage to use for the pods in this rack. This value overwrites the global storage config (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage)) - `zone` (String) Zone name for setting rack affinity. Rack pods will be deployed to given Zone @@ -2191,8 +2189,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2216,11 +2214,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2229,11 +2227,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2259,11 +2257,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2272,11 +2270,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2287,8 +2285,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2296,22 +2294,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2319,7 +2317,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2327,11 +2325,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2341,7 +2339,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2349,11 +2347,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2364,15 +2362,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -2380,7 +2378,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -2388,11 +2386,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2402,7 +2400,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -2410,11 +2408,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2425,8 +2423,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2434,22 +2432,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2457,7 +2455,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2465,11 +2463,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2479,7 +2477,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2487,11 +2485,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2502,15 +2500,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -2518,7 +2516,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -2526,11 +2524,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2540,7 +2538,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -2548,11 +2546,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2564,11 +2562,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -2588,12 +2586,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -2601,12 +2599,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -2619,15 +2617,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.aerospike` @@ -2645,10 +2643,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2669,10 +2667,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2693,10 +2691,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2706,18 +2704,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret)) ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -2726,11 +2724,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2739,8 +2737,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -2754,7 +2752,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--selector)) @@ -2773,7 +2771,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.persistent_volume.selector.match_expressions` @@ -2781,11 +2779,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2795,10 +2793,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.secret.items` @@ -2806,11 +2804,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2840,8 +2838,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2865,11 +2863,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2878,11 +2876,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2908,11 +2906,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2921,11 +2919,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2936,8 +2934,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2945,22 +2943,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2968,7 +2966,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2976,11 +2974,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2990,7 +2988,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2998,11 +2996,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3013,15 +3011,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -3029,7 +3027,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -3037,11 +3035,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3051,7 +3049,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -3059,11 +3057,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3074,8 +3072,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -3083,22 +3081,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -3106,7 +3104,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -3114,11 +3112,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3128,7 +3126,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -3136,11 +3134,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3151,15 +3149,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -3167,7 +3165,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -3175,11 +3173,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3189,7 +3187,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -3197,11 +3195,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3213,11 +3211,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -3237,12 +3235,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3250,12 +3248,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3268,15 +3266,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.rack_config.racks.storage.volumes.aerospike` @@ -3294,10 +3292,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3318,10 +3316,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3342,10 +3340,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3355,18 +3353,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret)) ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -3375,11 +3373,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3388,8 +3386,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -3403,7 +3401,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--selector)) @@ -3422,7 +3420,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.persistent_volume.selector.match_expressions` @@ -3430,11 +3428,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3444,10 +3442,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.secret.items` @@ -3455,11 +3453,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3473,7 +3471,7 @@ Optional: Optional: -- `load_balancer` (Attributes) LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster. (see [below for nested schema](#nestedatt--spec--seeds_finder_services--load_balancer)) +- `load_balancer` (Attributes) LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster. (see [below for nested schema](#nestedatt--spec--seeds_finder_services--load_balancer)) ### Nested Schema for `spec.seeds_finder_services.load_balancer` @@ -3481,11 +3479,11 @@ Optional: Optional: - `annotations` (Map of String) -- `external_traffic_policy` (String) ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs. +- `external_traffic_policy` (String) ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs. - `load_balancer_source_ranges` (List of String) - `port` (Number) Port Exposed port on load balancer. If not specified TargetPort is used. - `port_name` (String) The name of the port exposed on load balancer service. -- `target_port` (Number) TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used. +- `target_port` (Number) TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used. @@ -3505,12 +3503,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3518,12 +3516,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3536,15 +3534,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.storage.volumes.aerospike` @@ -3562,10 +3560,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3586,10 +3584,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3610,10 +3608,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3623,18 +3621,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret)) ### Nested Schema for `spec.storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -3643,11 +3641,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3656,8 +3654,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -3671,7 +3669,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--selector)) @@ -3690,7 +3688,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.storage.volumes.source.persistent_volume.selector.match_expressions` @@ -3698,11 +3696,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3712,10 +3710,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.storage.volumes.source.secret.items` @@ -3723,11 +3721,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3739,5 +3737,5 @@ Optional: Required: -- `skip_work_dir_validate` (Boolean) skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false. -- `skip_xdr_dlog_file_validate` (Boolean) ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false. +- `skip_work_dir_validate` (Boolean) skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false. +- `skip_xdr_dlog_file_validate` (Boolean) ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false. diff --git a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.md b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.md index c9763592d..f3e2c7fee 100644 --- a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.md +++ b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1beta1_manifest.md @@ -70,9 +70,9 @@ Optional: - `aerospike_network_policy` (Attributes) AerospikeNetworkPolicy specifies how clients and tools access the Aerospike cluster. (see [below for nested schema](#nestedatt--spec--aerospike_network_policy)) - `operator_client_cert` (Attributes) Certificates to connect to Aerospike. (see [below for nested schema](#nestedatt--spec--operator_client_cert)) - `pod_spec` (Attributes) Specify additional configuration for the Aerospike pods (see [below for nested schema](#nestedatt--spec--pod_spec)) -- `rack_config` (Attributes) RackConfig Configures the operator to deploy rack aware Aerospike cluster.Pods will be deployed in given racks based on given configuration (see [below for nested schema](#nestedatt--spec--rack_config)) +- `rack_config` (Attributes) RackConfig Configures the operator to deploy rack aware Aerospike cluster. Pods will be deployed in given racks based on given configuration (see [below for nested schema](#nestedatt--spec--rack_config)) - `roster_node_block_list` (List of String) RosterNodeBlockList is a list of blocked nodeIDs from roster in a strong-consistency setup -- `seeds_finder_services` (Attributes) SeedsFinderServices creates additional Kubernetes service that allowclients to discover Aerospike cluster nodes. (see [below for nested schema](#nestedatt--spec--seeds_finder_services)) +- `seeds_finder_services` (Attributes) SeedsFinderServices creates additional Kubernetes service that allow clients to discover Aerospike cluster nodes. (see [below for nested schema](#nestedatt--spec--seeds_finder_services)) - `storage` (Attributes) Storage specify persistent storage to use for the Aerospike pods (see [below for nested schema](#nestedatt--spec--storage)) - `validation_policy` (Attributes) ValidationPolicy controls validation of the Aerospike cluster resource. (see [below for nested schema](#nestedatt--spec--validation_policy)) @@ -95,7 +95,7 @@ Required: - `name` (String) Name is the user's username. - `roles` (List of String) Roles is the list of roles granted to the user. -- `secret_name` (String) SecretName has secret info created by user. User needs to create this secret from password literal.eg: kubectl create secret generic dev-db-secret --from-literal=password='password' +- `secret_name` (String) SecretName has secret info created by user. User needs to create this secret from password literal. eg: kubectl create secret generic dev-db-secret --from-literal=password='password' @@ -127,18 +127,18 @@ Optional: Optional: -- `access` (String) AccessType is the type of network address to use for Aerospike access address.Defaults to hostInternal. -- `alternate_access` (String) AlternateAccessType is the type of network address to use for Aerospike alternate access address.Defaults to hostExternal. -- `custom_access_network_names` (List of String) CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' access type. -- `custom_alternate_access_network_names` (List of String) CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospikealternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' alternateAccess type -- `custom_fabric_network_names` (List of String) CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' fabric type -- `custom_tls_access_network_names` (List of String) CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAccess type -- `custom_tls_alternate_access_network_names` (List of String) CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLSalternate access address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assignnetwork interfaces to the pod.Required with 'customInterface' tlsAlternateAccess type -- `custom_tls_fabric_network_names` (List of String) CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address.Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition,separated by a forward slash (/).These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign networkinterfaces to the pod.Required with 'customInterface' tlsFabric type -- `fabric` (String) FabricType is the type of network address to use for Aerospike fabric address.Defaults is empty meaning all interfaces 'any'. -- `tls_access` (String) TLSAccessType is the type of network address to use for Aerospike TLS access address.Defaults to hostInternal. -- `tls_alternate_access` (String) TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address.Defaults to hostExternal. -- `tls_fabric` (String) TLSFabricType is the type of network address to use for Aerospike TLS fabric address.Defaults is empty meaning all interfaces 'any'. +- `access` (String) AccessType is the type of network address to use for Aerospike access address. Defaults to hostInternal. +- `alternate_access` (String) AlternateAccessType is the type of network address to use for Aerospike alternate access address. Defaults to hostExternal. +- `custom_access_network_names` (List of String) CustomAccessNetworkNames is the list of the pod's network interfaces used for Aerospike access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' access type. +- `custom_alternate_access_network_names` (List of String) CustomAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' alternateAccess type +- `custom_fabric_network_names` (List of String) CustomFabricNetworkNames is the list of the pod's network interfaces used for Aerospike fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' fabric type +- `custom_tls_access_network_names` (List of String) CustomTLSAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAccess type +- `custom_tls_alternate_access_network_names` (List of String) CustomTLSAlternateAccessNetworkNames is the list of the pod's network interfaces used for Aerospike TLS alternate access address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsAlternateAccess type +- `custom_tls_fabric_network_names` (List of String) CustomTLSFabricNetworkNames is the list of the pod's network interfaces used for Aerospike TLS fabric address. Each element in the list is specified with a namespace and the name of a NetworkAttachmentDefinition, separated by a forward slash (/). These elements must be defined in the pod annotation k8s.v1.cni.cncf.io/networks in order to assign network interfaces to the pod. Required with 'customInterface' tlsFabric type +- `fabric` (String) FabricType is the type of network address to use for Aerospike fabric address. Defaults is empty meaning all interfaces 'any'. +- `tls_access` (String) TLSAccessType is the type of network address to use for Aerospike TLS access address. Defaults to hostInternal. +- `tls_alternate_access` (String) TLSAlternateAccessType is the type of network address to use for Aerospike TLS alternate access address. Defaults to hostExternal. +- `tls_fabric` (String) TLSFabricType is the type of network address to use for Aerospike TLS fabric address. Defaults is empty meaning all interfaces 'any'. @@ -146,7 +146,7 @@ Optional: Optional: -- `cert_path_in_operator` (Attributes) AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospikecluster.All paths are on operator's filesystem. (see [below for nested schema](#nestedatt--spec--operator_client_cert--cert_path_in_operator)) +- `cert_path_in_operator` (Attributes) AerospikeCertPathInOperatorSource contain configuration for certificates used by operator to connect to aerospike cluster. All paths are on operator's filesystem. (see [below for nested schema](#nestedatt--spec--operator_client_cert--cert_path_in_operator)) - `secret_cert_source` (Attributes) (see [below for nested schema](#nestedatt--spec--operator_client_cert--secret_cert_source)) - `tls_client_name` (String) If specified, this name will be added to tls-authenticate-client list by the operator @@ -194,19 +194,19 @@ Optional: Optional: -- `aerospike_container` (Attributes) AerospikeContainerSpec configures the aerospike-server containercreated by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container)) -- `aerospike_init_container` (Attributes) AerospikeInitContainerSpec configures the aerospike-init containercreated by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container)) +- `aerospike_container` (Attributes) AerospikeContainerSpec configures the aerospike-server container created by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container)) +- `aerospike_init_container` (Attributes) AerospikeInitContainerSpec configures the aerospike-init container created by the operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container)) - `affinity` (Attributes) Affinity rules for pod placement. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity)) -- `dns_config` (Attributes) DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.This is required field when dnsPolicy is set to 'None' (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config)) -- `dns_policy` (String) DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet +- `dns_config` (Attributes) DNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. This is required field when dnsPolicy is set to 'None' (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config)) +- `dns_policy` (String) DnsPolicy same as https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. If hostNetwork is true and policy is not specified, it defaults to ClusterFirstWithHostNet - `effective_dns_policy` (String) Effective value of the DNSPolicy -- `host_network` (Boolean) HostNetwork enables host networking for the pod.To enable hostNetwork multiPodPerHost must be false. -- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any ofthe images used by this PodSpec.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--pod_spec--image_pull_secrets)) +- `host_network` (Boolean) HostNetwork enables host networking for the pod. To enable hostNetwork multiPodPerHost must be false. +- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--pod_spec--image_pull_secrets)) - `init_containers` (Attributes List) InitContainers to add to the pods. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers)) - `metadata` (Attributes) MetaData to add to the pod. (see [below for nested schema](#nestedatt--spec--pod_spec--metadata)) -- `multi_pod_per_host` (Boolean) If set true then multiple pods can be created per Kubernetes Node.This will create a NodePort service for each Pod.NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes ,and any traffic that is sent to this port is forwarded to the service.Here service picks a random port in range (30000-32767), so these port should be open.If set false then only single pod can be created per Kubernetes Node.This will create Pods using hostPort setting.The container port will be exposed to the external network at :,where the hostIP is the IP address of the Kubernetes Node where the container is running andthe hostPort is the port requested by the user. +- `multi_pod_per_host` (Boolean) If set true then multiple pods can be created per Kubernetes Node. This will create a NodePort service for each Pod. NodePort, as the name implies, opens a specific port on all the Kubernetes Nodes , and any traffic that is sent to this port is forwarded to the service. Here service picks a random port in range (30000-32767), so these port should be open. If set false then only single pod can be created per Kubernetes Node. This will create Pods using hostPort setting. The container port will be exposed to the external network at :, where the hostIP is the IP address of the Kubernetes Node where the container is running and the hostPort is the port requested by the user. - `node_selector` (Map of String) NodeSelector constraints for this pod. -- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context)) +- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context)) - `sidecars` (Attributes List) Sidecars to add to the pod. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars)) - `tolerations` (Attributes List) Tolerations for this pod. (see [below for nested schema](#nestedatt--spec--pod_spec--tolerations)) @@ -215,7 +215,7 @@ Optional: Optional: -- `resources` (Attributes) Define resources requests and limits for Aerospike Server Container.Please contact aerospike for proper sizing exerciseOnly Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources)) +- `resources` (Attributes) Define resources requests and limits for Aerospike Server Container. Please contact aerospike for proper sizing exercise Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources)) - `security_context` (Attributes) SecurityContext that will be added to aerospike-server container created by operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context)) @@ -223,16 +223,16 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.aerospike_container.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -241,17 +241,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_container--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.aerospike_container.security_context.capabilities` @@ -278,11 +278,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -290,10 +290,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -303,8 +303,8 @@ Optional: Optional: -- `image_registry` (String) ImageRegistry is the name of image registry for aerospike-init container imageImageRegistry, e.g. docker.io, redhat.access.com -- `resources` (Attributes) Define resources requests and limits for Aerospike init Container.Only Memory and Cpu resources can be givenResources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources)) +- `image_registry` (String) ImageRegistry is the name of image registry for aerospike-init container image ImageRegistry, e.g. docker.io, redhat.access.com +- `resources` (Attributes) Define resources requests and limits for Aerospike init Container. Only Memory and Cpu resources can be given Resources.Limits should be more than Resources.Requests. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources)) - `security_context` (Attributes) SecurityContext that will be added to aerospike-init container created by operator. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context)) @@ -312,16 +312,16 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.aerospike_init_container.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -330,17 +330,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--aerospike_init_container--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.aerospike_init_container.security_context.capabilities` @@ -367,11 +367,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -379,10 +379,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -401,8 +401,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -426,11 +426,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -439,11 +439,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -469,11 +469,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -482,11 +482,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -497,8 +497,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -506,22 +506,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -529,7 +529,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -537,11 +537,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -551,7 +551,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -559,11 +559,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -574,15 +574,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -590,7 +590,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -598,11 +598,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -612,7 +612,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -620,11 +620,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -635,8 +635,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -644,22 +644,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -667,7 +667,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -675,11 +675,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -689,7 +689,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -697,11 +697,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -712,15 +712,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -728,7 +728,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -736,11 +736,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -750,7 +750,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -758,11 +758,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -774,9 +774,9 @@ Optional: Optional: -- `nameservers` (List of String) A list of DNS name server IP addresses.This will be appended to the base nameservers generated from DNSPolicy.Duplicated nameservers will be removed. -- `options` (Attributes List) A list of DNS resolver options.This will be merged with the base options generated from DNSPolicy.Duplicated entries will be removed. Resolution options given in Optionswill override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config--options)) -- `searches` (List of String) A list of DNS search domains for host-name lookup.This will be appended to the base search paths generated from DNSPolicy.Duplicated search paths will be removed. +- `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. +- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--pod_spec--dns_config--options)) +- `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. ### Nested Schema for `spec.pod_spec.dns_config.options` @@ -793,7 +793,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -801,33 +801,33 @@ Optional: Required: -- `name` (String) Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated. +- `name` (String) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. Optional: -- `args` (List of String) Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `command` (List of String) Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env_from)) -- `image` (String) Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets. -- `image_pull_policy` (String) Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe)) +- `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env_from)) +- `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +- `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe)) - `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources)) -- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe)) -- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false. -- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false -- `termination_message_path` (String) Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated. -- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated. -- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false. +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources)) +- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe)) +- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +- `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_mounts)) -- `working_dir` (String) Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated. +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--volume_mounts)) +- `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. ### Nested Schema for `spec.pod_spec.init_containers.env` @@ -838,7 +838,7 @@ Required: Optional: -- `value` (String) Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''. +- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. - `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from)) @@ -847,8 +847,8 @@ Optional: Optional: - `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--resource_field_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--resource_field_ref)) - `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--env--value_from--secret_key_ref)) @@ -860,7 +860,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -898,7 +898,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -918,7 +918,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -927,7 +927,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret must be defined @@ -937,8 +937,8 @@ Optional: Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start` @@ -948,14 +948,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--tcp_socket)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -963,21 +963,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--post_start--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.post_start.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -995,7 +995,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1011,14 +1011,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--tcp_socket)) ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.pre_stop.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1026,21 +1026,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--lifecycle--pre_stop--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.lifecycle.pre_stop.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1058,7 +1058,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1073,22 +1073,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.liveness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1100,7 +1100,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1108,21 +1108,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--liveness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.liveness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1132,7 +1132,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1145,14 +1145,14 @@ Optional: Required: -- `container_port` (Number) Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536. +- `container_port` (Number) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. Optional: - `host_ip` (String) What host IP to bind the external port to. -- `host_port` (Number) Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this. -- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services. -- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'. +- `host_port` (Number) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. @@ -1161,22 +1161,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.readiness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1188,7 +1188,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1196,21 +1196,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--readiness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.readiness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1220,7 +1220,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1233,8 +1233,8 @@ Optional: Required: -- `resource_name` (String) Name of the resource to which this resource resize policy applies.Supported values: cpu, memory. -- `restart_policy` (String) Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired. +- `resource_name` (String) Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +- `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. @@ -1242,16 +1242,16 @@ Required: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.init_containers.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -1260,17 +1260,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.init_containers.security_context.capabilities` @@ -1297,11 +1297,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -1309,10 +1309,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -1322,22 +1322,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.init_containers.startup_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1349,7 +1349,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1357,21 +1357,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--init_containers--startup_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.init_containers.startup_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1381,7 +1381,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1403,15 +1403,15 @@ Required: Required: -- `mount_path` (String) Path within the container at which the volume should be mounted. Mustnot contain ':'. +- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'. - `name` (String) This must match the Name of a Volume. Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -1429,16 +1429,16 @@ Optional: Optional: -- `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. -- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--seccomp_profile)) -- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows. -- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--sysctls)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--windows_options)) +- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. +- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--seccomp_profile)) +- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. +- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--sysctls)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.security_context.se_linux_options` @@ -1456,11 +1456,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -1477,10 +1477,10 @@ Required: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -1489,33 +1489,33 @@ Optional: Required: -- `name` (String) Name of the container specified as a DNS_LABEL.Each container in a pod must have a unique name (DNS_LABEL).Cannot be updated. +- `name` (String) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. Optional: -- `args` (List of String) Arguments to the entrypoint.The container image's CMD is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `command` (List of String) Entrypoint array. Not executed within a shell.The container image's ENTRYPOINT is used if this is not provided.Variable references $(VAR_NAME) are expanded using the container's environment. If a variablecannot be resolved, the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' willproduce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardlessof whether the variable exists or not. Cannot be updated.More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container.The keys defined within a source must be a C_IDENTIFIER. All invalid keyswill be reported as an event when the container is starting. When a key exists in multiplesources, the value associated with the last source will take precedence.Values defined by an Env with a duplicate key will take precedence.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env_from)) -- `image` (String) Container image name.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets. -- `image_pull_policy` (String) Image pull policy.One of Always, Never, IfNotPresent.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.Cannot be updated.More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness.Container will be restarted if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port hereDOES NOT prevent that port from being exposed. Any port which islistening on the default '0.0.0.0' address inside a container will beaccessible from the network.Modifying this array with strategic merge patch may corrupt the data.For more information See https://github.com/kubernetes/kubernetes/issues/108255.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness.Container will be removed from service endpoints if the probe fails.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe)) +- `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env_from)) +- `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +- `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe)) - `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container.Cannot be updated.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources)) -- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod.This field may only be set for init containers, and the only allowed value is 'Always'.For non-init containers or when this field is not specified,the restart behavior is defined by the Pod's restart policy and the container type.Setting the RestartPolicy as 'Always' for the init container will have the following effect:this init container will be continually restarted onexit until all regular containers have terminated. Once all regularcontainers have completed, all init containers with restartPolicy 'Always'will be shut down. This lifecycle differs from normal init containers andis often referred to as a 'sidecar' container. Although this initcontainer still starts in the init container sequence, it does not waitfor the container to complete before proceeding to the next initcontainer. Instead, the next init container starts immediately after thisinit container is started, or after any startupProbe has successfullycompleted. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with.If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized.If specified, no other probes are executed until this completes successfully.If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,when it might take a long time to load data or warm a cache, than during steady-state operation.This cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe)) -- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If thisis not set, reads from stdin in the container will always result in EOF.Default is false. -- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened bya single attach. When stdin is true the stdin stream will remain open across multiple attachsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until thefirst client attaches to stdin, and then remains open and accepts data until the client disconnects,at which time stdin is closed and remains closed until the container is restarted. If thisflag is false, a container processes that reads from stdin will never receive an EOF.Default is false -- `termination_message_path` (String) Optional: Path at which the file to which the container's termination messagewill be written is mounted into the container's filesystem.Message written is intended to be brief final status, such as an assertion failure message.Will be truncated by the node if greater than 4096 bytes. The total message length acrossall containers will be limited to 12kb.Defaults to /dev/termination-log.Cannot be updated. -- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents ofterminationMessagePath to populate the container status message on both success and failure.FallbackToLogsOnError will use the last chunk of container log output if the terminationmessage file is empty and the container exited with an error.The log output is limited to 2048 bytes or 80 lines, whichever is smaller.Defaults to File.Cannot be updated. -- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.Default is false. +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources)) +- `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe)) +- `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +- `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +- `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +- `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +- `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem.Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_mounts)) -- `working_dir` (String) Container's working directory.If not specified, the container runtime's default will be used, whichmight be configured in the container image.Cannot be updated. +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--volume_mounts)) +- `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. ### Nested Schema for `spec.pod_spec.sidecars.env` @@ -1526,7 +1526,7 @@ Required: Optional: -- `value` (String) Variable references $(VAR_NAME) are expandedusing the previously defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. Double $$ are reducedto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.'$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'.Escaped references will never be expanded, regardless of whether the variableexists or not.Defaults to ''. +- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. - `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from)) @@ -1535,8 +1535,8 @@ Optional: Optional: - `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']',spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--resource_field_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--resource_field_ref)) - `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--env--value_from--secret_key_ref)) @@ -1548,7 +1548,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -1586,7 +1586,7 @@ Required: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -1606,7 +1606,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -1615,7 +1615,7 @@ Optional: Optional: -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) Specify whether the Secret must be defined @@ -1625,8 +1625,8 @@ Optional: Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails,the container is terminated and restarted according to its restart policy.Other management of the container blocks until the hook completes.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to anAPI request or management event such as liveness/startup probe failure,preemption, resource contention, etc. The handler is not called if thecontainer crashes or exits. The Pod's termination grace period countdown begins before thePreStop hook is executed. Regardless of the outcome of the handler, thecontainer will eventually terminate within the Pod's termination graceperiod (unless delayed by finalizers). Other management of the container blocks until the hook completesor until the termination grace period is reached.More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start` @@ -1636,14 +1636,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--tcp_socket)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1651,21 +1651,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--post_start--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.post_start.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1683,7 +1683,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1699,14 +1699,14 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--http_get)) - `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--sleep)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--tcp_socket)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--tcp_socket)) ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.pre_stop.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1714,21 +1714,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--lifecycle--pre_stop--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.lifecycle.pre_stop.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1746,7 +1746,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1761,22 +1761,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.liveness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1788,7 +1788,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1796,21 +1796,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--liveness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.liveness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1820,7 +1820,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1833,14 +1833,14 @@ Optional: Required: -- `container_port` (Number) Number of port to expose on the pod's IP address.This must be a valid port number, 0 < x < 65536. +- `container_port` (Number) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. Optional: - `host_ip` (String) What host IP to bind the external port to. -- `host_port` (Number) Number of port to expose on the host.If specified, this must be a valid port number, 0 < x < 65536.If HostNetwork is specified, this must match ContainerPort.Most containers do not need this. -- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Eachnamed port in a pod must have a unique name. Name for the port that can bereferred to by services. -- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP.Defaults to 'TCP'. +- `host_port` (Number) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +- `name` (String) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +- `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. @@ -1849,22 +1849,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.readiness_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -1876,7 +1876,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1884,21 +1884,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--readiness_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.readiness_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -1908,7 +1908,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -1921,8 +1921,8 @@ Optional: Required: -- `resource_name` (String) Name of the resource to which this resource resize policy applies.Supported values: cpu, memory. -- `restart_policy` (String) Restart policy to apply when specified resource is resized.If not specified, it defaults to NotRequired. +- `resource_name` (String) Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +- `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. @@ -1930,16 +1930,16 @@ Required: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--resources--claims)) +- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ### Nested Schema for `spec.pod_spec.sidecars.resources.claims` Required: -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. +- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. @@ -1948,17 +1948,17 @@ Required: Optional: -- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--capabilities)) -- `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. -- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. -- `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. -- `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--windows_options)) +- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--capabilities)) +- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--security_context--windows_options)) ### Nested Schema for `spec.pod_spec.sidecars.security_context.capabilities` @@ -1985,11 +1985,11 @@ Optional: Required: -- `type` (String) type indicates which kind of seccomp profile will be applied.Valid options are:Localhost - a profile defined in a file on the node should be used.RuntimeDefault - the container runtime default profile should be used.Unconfined - no profile should be applied. +- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. Optional: -- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used.The profile must be preconfigured on the node to work.Must be a descending path, relative to the kubelet's configured seccomp profile location.Must be set if type is 'Localhost'. Must NOT be set for any other type. +- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. @@ -1997,10 +1997,10 @@ Optional: Optional: -- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of theGMSA credential spec named by the GMSACredentialSpecName field. +- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use. -- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container.All of a Pod's containers must have the same effective HostProcess value(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).In addition, if HostProcess is true then HostNetwork must also be set to true. -- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process.Defaults to the user specified in image metadata if unspecified.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. +- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -2010,22 +2010,22 @@ Optional: Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--exec)) -- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded.Defaults to 3. Minimum value is 1. +- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--grpc)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--http_get)) -- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- `period_seconds` (Number) How often (in seconds) to perform the probe.Default to 10 seconds. Minimum value is 1. -- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed.Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--tcp_socket)) -- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure.The grace period is the duration in seconds after the processes running in the pod are senta termination signal and the time when the processes are forcibly halted with a kill signal.Set this value longer than the expected cleanup time for your process.If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, thisvalue overrides the value provided by the pod spec.Value must be non-negative integer. The value zero indicates stop immediately viathe kill signal (no opportunity to shut down).This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -- `timeout_seconds` (Number) Number of seconds after which the probe times out.Defaults to 1 second. Minimum value is 1.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes ### Nested Schema for `spec.pod_spec.sidecars.startup_probe.exec` Optional: -- `command` (List of String) Command is the command line to execute inside the container, the working directory for thecommand is root ('/') in the container's filesystem. The command is simply exec'd, it isnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To usea shell, you need to explicitly call out to that shell.Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. @@ -2037,7 +2037,7 @@ Required: Optional: -- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).If this is not specified, the default behavior is defined by gRPC. +- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -2045,21 +2045,21 @@ Optional: Required: -- `port` (String) Name or number of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: -- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set'Host' in httpHeaders instead. +- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. - `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--pod_spec--sidecars--startup_probe--http_get--http_headers)) - `path` (String) Path to access on the HTTP server. -- `scheme` (String) Scheme to use for connecting to the host.Defaults to HTTP. +- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. ### Nested Schema for `spec.pod_spec.sidecars.startup_probe.http_get.http_headers` Required: -- `name` (String) The header field name.This will be canonicalized upon output, so case-variant names will be understood as the same header. +- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. - `value` (String) The header field value @@ -2069,7 +2069,7 @@ Required: Required: -- `port` (String) Number or name of the port to access on the container.Number must be in the range 1 to 65535.Name must be an IANA_SVC_NAME. +- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. Optional: @@ -2091,15 +2091,15 @@ Required: Required: -- `mount_path` (String) Path within the container at which the volume should be mounted. Mustnot contain ':'. +- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'. - `name` (String) This must match the Name of a Volume. Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2108,11 +2108,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -2135,12 +2135,12 @@ Required: Optional: - `aerospike_config` (Map of String) AerospikeConfig overrides the common AerospikeConfig for this Rack. This is merged with global Aerospike config. -- `effective_aerospike_config` (Map of String) Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the globalAerospike config +- `effective_aerospike_config` (Map of String) Effective/operative Aerospike config. The resultant is a merge of rack Aerospike config and the global Aerospike config - `effective_pod_spec` (Attributes) Effective/operative PodSpec. The resultant is user input if specified else global PodSpec (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec)) - `effective_storage` (Attributes) Effective/operative storage. The resultant is user input if specified else global storage (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage)) - `node_name` (String) K8s Node name for setting rack affinity. Rack pods will be deployed in given k8s Node - `pod_spec` (Attributes) PodSpec to use for the pods in this rack. This value overwrites the global storage config (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec)) -- `rack_label` (String) RackLabel for setting rack affinity.Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: } +- `rack_label` (String) RackLabel for setting rack affinity. Rack pods will be deployed in k8s nodes having rackLabel {aerospike.com/rack-label: } - `region` (String) Region name for setting rack affinity. Rack pods will be deployed to given Region - `storage` (Attributes) Storage specify persistent storage to use for the pods in this rack. This value overwrites the global storage config (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage)) - `zone` (String) Zone name for setting rack affinity. Rack pods will be deployed to given Zone @@ -2168,8 +2168,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2193,11 +2193,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2206,11 +2206,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2236,11 +2236,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2249,11 +2249,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2264,8 +2264,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2273,22 +2273,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2296,7 +2296,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2304,11 +2304,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2318,7 +2318,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2326,11 +2326,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2341,15 +2341,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -2357,7 +2357,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -2365,11 +2365,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2379,7 +2379,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -2387,11 +2387,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2402,8 +2402,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2411,22 +2411,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2434,7 +2434,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2442,11 +2442,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2456,7 +2456,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2464,11 +2464,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2479,15 +2479,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -2495,7 +2495,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -2503,11 +2503,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2517,7 +2517,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -2525,11 +2525,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2541,11 +2541,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -2564,12 +2564,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -2577,12 +2577,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -2595,15 +2595,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.aerospike` @@ -2621,10 +2621,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2645,10 +2645,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2669,10 +2669,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -2682,18 +2682,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret)) ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -2702,11 +2702,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2715,8 +2715,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -2730,7 +2730,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--selector)) @@ -2749,7 +2749,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.persistent_volume.selector.match_expressions` @@ -2757,11 +2757,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2771,10 +2771,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--effective_storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.rack_config.racks.effective_storage.volumes.source.secret.items` @@ -2782,11 +2782,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2816,8 +2816,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node matches the corresponding matchExpressions; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to an update), the systemmay or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2841,11 +2841,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2854,11 +2854,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2884,11 +2884,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2897,11 +2897,11 @@ Optional: Required: - `key` (String) The label key that the selector applies to. -- `operator` (String) Represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. If the operator is Gt or Lt, the valuesarray must have a single element, which will be interpreted as an integer.This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. @@ -2912,8 +2912,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution` @@ -2921,22 +2921,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -2944,7 +2944,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -2952,11 +2952,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2966,7 +2966,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -2974,11 +2974,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2989,15 +2989,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -3005,7 +3005,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -3013,11 +3013,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3027,7 +3027,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -3035,11 +3035,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3050,8 +3050,8 @@ Optional: Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfythe anti-affinity expressions specified by this field, but it may choosea node that violates one or more of the expressions. The node that ismost preferred is the one with the greatest sum of weights, i.e.for each node that meets all of the scheduling requirements (resourcerequest, requiredDuringScheduling anti-affinity expressions, etc.),compute a sum by iterating through the elements of this field and adding'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; thenode(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met atscheduling time, the pod will not be scheduled onto the node.If the anti-affinity requirements specified by this field cease to be metat some point during pod execution (e.g. due to a pod label update), thesystem may or may not try to eventually evict the pod from its node.When there are multiple elements, the lists of nodes corresponding to eachpodAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` @@ -3059,22 +3059,22 @@ Optional: Required: - `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term)) -- `weight` (Number) weight associated with matching the corresponding podAffinityTerm,in the range 1-100. +- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term` Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector` @@ -3082,7 +3082,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions` @@ -3090,11 +3090,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3104,7 +3104,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions` @@ -3112,11 +3112,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3127,15 +3127,15 @@ Optional: Required: -- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matchingthe labelSelector in the specified namespaces, where co-located is defined as running on a nodewhose value of the label with key topologyKey matches that of any node on which any of theselected pods is running.Empty topologyKey is not allowed. +- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) -- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` @@ -3143,7 +3143,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions` @@ -3151,11 +3151,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3165,7 +3165,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--pod_spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.pod_spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions` @@ -3173,11 +3173,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3189,11 +3189,11 @@ Optional: Optional: -- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. -- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. -- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. -- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. @@ -3212,12 +3212,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3225,12 +3225,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3243,15 +3243,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.rack_config.racks.storage.volumes.aerospike` @@ -3269,10 +3269,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3293,10 +3293,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3317,10 +3317,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3330,18 +3330,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret)) ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -3350,11 +3350,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3363,8 +3363,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -3378,7 +3378,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--selector)) @@ -3397,7 +3397,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.persistent_volume.selector.match_expressions` @@ -3405,11 +3405,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3419,10 +3419,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--rack_config--racks--storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.rack_config.racks.storage.volumes.source.secret.items` @@ -3430,11 +3430,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3448,7 +3448,7 @@ Optional: Optional: -- `load_balancer` (Attributes) LoadBalancer created to discover Aerospike Cluster nodes from outside ofKubernetes cluster. (see [below for nested schema](#nestedatt--spec--seeds_finder_services--load_balancer)) +- `load_balancer` (Attributes) LoadBalancer created to discover Aerospike Cluster nodes from outside of Kubernetes cluster. (see [below for nested schema](#nestedatt--spec--seeds_finder_services--load_balancer)) ### Nested Schema for `spec.seeds_finder_services.load_balancer` @@ -3456,10 +3456,10 @@ Optional: Optional: - `annotations` (Map of String) -- `external_traffic_policy` (String) ServiceExternalTrafficPolicy describes how nodes distribute service traffic theyreceive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs,and LoadBalancer IPs. +- `external_traffic_policy` (String) ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's 'externally-facing' addresses (NodePorts, ExternalIPs, and LoadBalancer IPs. - `load_balancer_source_ranges` (List of String) - `port` (Number) Port Exposed port on load balancer. If not specified TargetPort is used. -- `target_port` (Number) TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config.If there is no tls port configured then regular port from network.service is used. +- `target_port` (Number) TargetPort Target port. If not specified the tls-port of network.service stanza is used from Aerospike config. If there is no tls port configured then regular port from network.service is used. @@ -3478,12 +3478,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3491,12 +3491,12 @@ Optional: Optional: -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. @@ -3509,15 +3509,15 @@ Required: Optional: - `aerospike` (Attributes) Aerospike attachment of this volume on Aerospike server container. (see [below for nested schema](#nestedatt--spec--storage--volumes--aerospike)) -- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to isterminated and removed from the cluster. +- `cascade_delete` (Boolean) CascadeDelete determines if the persistent volumes are deleted after the pod this volume binds to is terminated and removed from the cluster. - `effective_cascade_delete` (Boolean) Effective/operative value to use for cascade delete after applying defaults. - `effective_init_method` (String) Effective/operative value to use as the volume init method after applying defaults. - `effective_wipe_method` (String) Effective/operative value to use as the volume wipe method after applying defaults. - `init_containers` (Attributes List) InitContainers are additional init containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--storage--volumes--init_containers)) -- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up thefirst time. Defaults to 'none'. +- `init_method` (String) InitMethod determines how volumes attached to Aerospike server pods are initialized when the pods come up the first time. Defaults to 'none'. - `sidecars` (Attributes List) Sidecars are side containers where this volume will be mounted (see [below for nested schema](#nestedatt--spec--storage--volumes--sidecars)) - `source` (Attributes) Source of this volume. (see [below for nested schema](#nestedatt--spec--storage--volumes--source)) -- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage formatchanges. +- `wipe_method` (String) WipeMethod determines how volumes attached to Aerospike server pods are wiped for dealing with storage format changes. ### Nested Schema for `spec.storage.volumes.aerospike` @@ -3535,10 +3535,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3559,10 +3559,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3583,10 +3583,10 @@ Optional: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. -- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. -- `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). -- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). +- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $( VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -3596,18 +3596,18 @@ Optional: Optional: - `config_map` (Attributes) ConfigMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map)) -- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--storage--volumes--source--empty_dir)) +- `empty_dir` (Attributes) EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--storage--volumes--source--empty_dir)) - `persistent_volume` (Attributes) PersistentVolumeSpec describes a persistent volume to claim and attach to Aerospike pods. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume)) -- `secret` (Attributes) Adapts a Secret into a volume.The contents of the target Secret's Data field will be presented in a volumeas files using the keys in the Data field as the file names.Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret)) +- `secret` (Attributes) Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret)) ### Nested Schema for `spec.storage.volumes.source.config_map` Optional: -- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map--items)) -- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -3616,11 +3616,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3629,8 +3629,8 @@ Optional: Optional: -- `medium` (String) medium represents what type of storage medium should back this directory.The default is '' which means to use the node's default medium.Must be an empty string (default) or Memory.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume.The size limit is also applicable for memory medium.The maximum usage on memory medium EmptyDir would be the minimum value betweenthe SizeLimit specified here and the sum of memory limits of all containers in a pod.The default is nil which means that the limit is undefined.More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -3644,7 +3644,7 @@ Required: Optional: -- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be givenName string 'json:'name'' +- `access_modes` (List of String) Name for creating PVC for this volume, Name or path should be given Name string 'json:'name'' - `metadata` (Attributes) (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--metadata)) - `selector` (Attributes) A label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--selector)) @@ -3663,7 +3663,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--persistent_volume--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.storage.volumes.source.persistent_volume.selector.match_expressions` @@ -3671,11 +3671,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -3685,10 +3685,10 @@ Optional: Optional: -- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal valuesfor mode bits. Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret--items)) +- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volumes--source--secret--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined -- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use.More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret ### Nested Schema for `spec.storage.volumes.source.secret.items` @@ -3696,11 +3696,11 @@ Optional: Required: - `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -3712,5 +3712,5 @@ Optional: Required: -- `skip_work_dir_validate` (Boolean) skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage.Defaults to false. -- `skip_xdr_dlog_file_validate` (Boolean) ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage.Defaults to false. +- `skip_work_dir_validate` (Boolean) skipWorkDirValidate validates that Aerospike work directory is mounted on a persistent file storage. Defaults to false. +- `skip_xdr_dlog_file_validate` (Boolean) ValidateXdrDigestLogFile validates that xdr digest log file is mounted on a persistent file storage. Defaults to false. diff --git a/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md index 8cd88d563..c755bdc55 100644 --- a/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md @@ -449,7 +449,7 @@ Optional: - `configuration` (Map of String) Legacy trait configuration parameters.Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `kind` (String) Allows to explicitly select the desired deployment kind between 'deployment', 'cron-job' or 'knative-service' when creating the resources for running the integration. -- `use_ssa` (Boolean) Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. +- `use_ssa` (Boolean) Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. diff --git a/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md index da7f472fd..57cfcf6d9 100644 --- a/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md @@ -413,7 +413,7 @@ Optional: - `configuration` (Map of String) Legacy trait configuration parameters.Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `kind` (String) Allows to explicitly select the desired deployment kind between 'deployment', 'cron-job' or 'knative-service' when creating the resources for running the integration. -- `use_ssa` (Boolean) Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. +- `use_ssa` (Boolean) Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. diff --git a/docs/data-sources/camel_apache_org_integration_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_v1_manifest.md index 4a19b09b4..d0e483130 100644 --- a/docs/data-sources/camel_apache_org_integration_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_v1_manifest.md @@ -3058,7 +3058,7 @@ Optional: - `configuration` (Map of String) Legacy trait configuration parameters.Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `kind` (String) Allows to explicitly select the desired deployment kind between 'deployment', 'cron-job' or 'knative-service' when creating the resources for running the integration. -- `use_ssa` (Boolean) Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. +- `use_ssa` (Boolean) Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. diff --git a/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md b/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md index a6501db91..860ac0b94 100644 --- a/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md +++ b/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md @@ -3071,7 +3071,7 @@ Optional: - `configuration` (Map of String) Legacy trait configuration parameters.Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `kind` (String) Allows to explicitly select the desired deployment kind between 'deployment', 'cron-job' or 'knative-service' when creating the resources for running the integration. -- `use_ssa` (Boolean) Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. +- `use_ssa` (Boolean) Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. diff --git a/docs/data-sources/camel_apache_org_pipe_v1_manifest.md b/docs/data-sources/camel_apache_org_pipe_v1_manifest.md index b93844726..cc011e5a1 100644 --- a/docs/data-sources/camel_apache_org_pipe_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_pipe_v1_manifest.md @@ -3071,7 +3071,7 @@ Optional: - `configuration` (Map of String) Legacy trait configuration parameters.Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `kind` (String) Allows to explicitly select the desired deployment kind between 'deployment', 'cron-job' or 'knative-service' when creating the resources for running the integration. -- `use_ssa` (Boolean) Deprecated: won't be able to enforce client side update in the future.Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. +- `use_ssa` (Boolean) Use server-side apply to update the owned resources (default 'true').Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. diff --git a/docs/data-sources/ceph_rook_io_ceph_object_store_v1_manifest.md b/docs/data-sources/ceph_rook_io_ceph_object_store_v1_manifest.md index bf2d18b2f..07b460f08 100644 --- a/docs/data-sources/ceph_rook_io_ceph_object_store_v1_manifest.md +++ b/docs/data-sources/ceph_rook_io_ceph_object_store_v1_manifest.md @@ -1345,36 +1345,14 @@ Optional: ### Nested Schema for `spec.shared_pools` -Optional: +Required: - `data_pool_name` (String) The data pool used for creating RADOS namespaces in the object store - `metadata_pool_name` (String) The metadata pool used for creating RADOS namespaces in the object store -- `pool_placements` (Attributes List) PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults. (see [below for nested schema](#nestedatt--spec--shared_pools--pool_placements)) -- `preserve_rados_namespace_data_on_delete` (Boolean) Whether the RADOS namespaces should be preserved on deletion of the object store - - -### Nested Schema for `spec.shared_pools.pool_placements` - -Required: - -- `data_pool_name` (String) The data pool used to store ObjectStore objects data. -- `metadata_pool_name` (String) The metadata pool used to store ObjectStore bucket index. -- `name` (String) Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default. Optional: -- `data_non_ec_pool_name` (String) The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName. -- `storage_classes` (Attributes List) StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class. (see [below for nested schema](#nestedatt--spec--shared_pools--pool_placements--storage_classes)) - - -### Nested Schema for `spec.shared_pools.pool_placements.storage_classes` - -Required: - -- `data_pool_name` (String) DataPoolName is the data pool used to store ObjectStore objects data. -- `name` (String) Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/ - - +- `preserve_rados_namespace_data_on_delete` (Boolean) Whether the RADOS namespaces should be preserved on deletion of the object store diff --git a/docs/data-sources/ceph_rook_io_ceph_object_zone_v1_manifest.md b/docs/data-sources/ceph_rook_io_ceph_object_zone_v1_manifest.md index b6e02b03d..195993f79 100644 --- a/docs/data-sources/ceph_rook_io_ceph_object_zone_v1_manifest.md +++ b/docs/data-sources/ceph_rook_io_ceph_object_zone_v1_manifest.md @@ -300,31 +300,11 @@ Optional: ### Nested Schema for `spec.shared_pools` -Optional: +Required: - `data_pool_name` (String) The data pool used for creating RADOS namespaces in the object store - `metadata_pool_name` (String) The metadata pool used for creating RADOS namespaces in the object store -- `pool_placements` (Attributes List) PoolPlacements control which Pools are associated with a particular RGW bucket.Once PoolPlacements are defined, RGW client will be able to associate poolwith ObjectStore bucket by providing '' during s3 bucket creationor 'X-Storage-Policy' header during swift container creation.See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targetsPoolPlacement with name: 'default' will be used as a default pool if no optionis provided during bucket creation.If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults. (see [below for nested schema](#nestedatt--spec--shared_pools--pool_placements)) -- `preserve_rados_namespace_data_on_delete` (Boolean) Whether the RADOS namespaces should be preserved on deletion of the object store - - -### Nested Schema for `spec.shared_pools.pool_placements` - -Required: - -- `data_pool_name` (String) The data pool used to store ObjectStore objects data. -- `metadata_pool_name` (String) The metadata pool used to store ObjectStore bucket index. -- `name` (String) Pool placement name. Name can be arbitrary. Placement with name 'default' will be used as default. Optional: -- `data_non_ec_pool_name` (String) The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName. -- `storage_classes` (Attributes List) StorageClasses can be selected by user to override dataPoolName during object creation.Each placement has default STANDARD StorageClass pointing to dataPoolName.This list allows defining additional StorageClasses on top of default STANDARD storage class. (see [below for nested schema](#nestedatt--spec--shared_pools--pool_placements--storage_classes)) - - -### Nested Schema for `spec.shared_pools.pool_placements.storage_classes` - -Required: - -- `data_pool_name` (String) DataPoolName is the data pool used to store ObjectStore objects data. -- `name` (String) Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,however most clients/libs insist on AWS names so it is recommended to useone of the valid x-amz-storage-class values for better compatibility:REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONESee AWS docs: https://aws.amazon.com/de/s3/storage-classes/ +- `preserve_rados_namespace_data_on_delete` (Boolean) Whether the RADOS namespaces should be preserved on deletion of the object store diff --git a/docs/data-sources/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.md index 2d8ca3934..39f0a584e 100644 --- a/docs/data-sources/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructingCilium's BGP control plane to create virtual BGP routers. + CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructing Cilium's BGP control plane to create virtual BGP routers. --- # k8s_cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest (Data Source) -CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructingCilium's BGP control plane to create virtual BGP routers. +CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructing Cilium's BGP control plane to create virtual BGP routers. ## Example Usage @@ -54,59 +54,59 @@ Optional: Required: -- `virtual_routers` (Attributes List) A list of CiliumBGPVirtualRouter(s) which instructsthe BGP control plane how to instantiate virtual BGP routers. (see [below for nested schema](#nestedatt--spec--virtual_routers)) +- `virtual_routers` (Attributes List) A list of CiliumBGPVirtualRouter(s) which instructs the BGP control plane how to instantiate virtual BGP routers. (see [below for nested schema](#nestedatt--spec--virtual_routers)) Optional: -- `node_selector` (Attributes) NodeSelector selects a group of nodes where this BGP PeeringPolicy applies.If empty / nil this policy applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `node_selector` (Attributes) NodeSelector selects a group of nodes where this BGP Peering Policy applies. If empty / nil this policy applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) ### Nested Schema for `spec.virtual_routers` Required: -- `local_asn` (Number) LocalASN is the ASN of this virtual router.Supports extended 32bit ASNs +- `local_asn` (Number) LocalASN is the ASN of this virtual router. Supports extended 32bit ASNs - `neighbors` (Attributes List) Neighbors is a list of neighboring BGP peers for this virtual router (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors)) Optional: -- `export_pod_cidr` (Boolean) ExportPodCIDR determines whether to export the Node's private CIDR blockto the configured neighbors. -- `pod_ip_pool_selector` (Attributes) PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtualrouter will announce allocated CIDRs of matching CiliumPodIPPools.If empty / nil no CiliumPodIPPools will be announced. (see [below for nested schema](#nestedatt--spec--virtual_routers--pod_ip_pool_selector)) -- `service_advertisements` (List of String) ServiceAdvertisements selects a group of BGP Advertisement(s) to advertisefor the selected services. -- `service_selector` (Attributes) ServiceSelector selects a group of load balancer services which thisvirtual router will announce. The loadBalancerClass for a service mustbe nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'.Refer to the following document for additional details regarding load balancerclasses: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf empty / nil no services will be announced. (see [below for nested schema](#nestedatt--spec--virtual_routers--service_selector)) +- `export_pod_cidr` (Boolean) ExportPodCIDR determines whether to export the Node's private CIDR block to the configured neighbors. +- `pod_ip_pool_selector` (Attributes) PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtual router will announce allocated CIDRs of matching CiliumPodIPPools. If empty / nil no CiliumPodIPPools will be announced. (see [below for nested schema](#nestedatt--spec--virtual_routers--pod_ip_pool_selector)) +- `service_advertisements` (List of String) ServiceAdvertisements selects a group of BGP Advertisement(s) to advertise for the selected services. +- `service_selector` (Attributes) ServiceSelector selects a group of load balancer services which this virtual router will announce. The loadBalancerClass for a service must be nil or specify a class supported by Cilium, e.g. 'io.cilium/bgp-control-plane'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If empty / nil no services will be announced. (see [below for nested schema](#nestedatt--spec--virtual_routers--service_selector)) ### Nested Schema for `spec.virtual_routers.neighbors` Required: -- `peer_address` (String) PeerAddress is the IP address of the peer.This must be in CIDR notation and use a /32 to expressa single host. -- `peer_asn` (Number) PeerASN is the ASN of the peer BGP router.Supports extended 32bit ASNs +- `peer_address` (String) PeerAddress is the IP address of the peer. This must be in CIDR notation and use a /32 to express a single host. +- `peer_asn` (Number) PeerASN is the ASN of the peer BGP router. Supports extended 32bit ASNs Optional: -- `advertised_path_attributes` (Attributes List) AdvertisedPathAttributes can be used to apply additional path attributesto selected routes when advertising them to the peer.If empty / nil, no additional path attributes are advertised. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes)) -- `auth_secret_ref` (String) AuthSecretRef is the name of the secret to use to fetch a TCPauthentication password for this peer. +- `advertised_path_attributes` (Attributes List) AdvertisedPathAttributes can be used to apply additional path attributes to selected routes when advertising them to the peer. If empty / nil, no additional path attributes are advertised. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes)) +- `auth_secret_ref` (String) AuthSecretRef is the name of the secret to use to fetch a TCP authentication password for this peer. - `connect_retry_time_seconds` (Number) ConnectRetryTimeSeconds defines the initial value for the BGP ConnectRetryTimer (RFC 4271, Section 8). -- `e_bgp_multihop_ttl` (Number) EBGPMultihopTTL controls the multi-hop feature for eBGP peers.Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor.The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).This field is ignored for iBGP peers. -- `families` (Attributes List) Families, if provided, defines a set of AFI/SAFIs the speaker willnegotiate with it's peer.If this slice is not provided the default families of IPv6 and IPv4 willbe provided. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--families)) -- `graceful_restart` (Attributes) GracefulRestart defines graceful restart parameters which are negotiatedwith this neighbor. If empty / nil, the graceful restart capability is disabled. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--graceful_restart)) -- `hold_time_seconds` (Number) HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2).Updating this value will cause a session reset. -- `keep_alive_time_seconds` (Number) KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8).It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset. -- `peer_port` (Number) PeerPort is the TCP port of the peer. 1-65535 is the range ofvalid port numbers that can be specified. If unset, defaults to 179. +- `e_bgp_multihop_ttl` (Number) EBGPMultihopTTL controls the multi-hop feature for eBGP peers. Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor. The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed). This field is ignored for iBGP peers. +- `families` (Attributes List) Families, if provided, defines a set of AFI/SAFIs the speaker will negotiate with it's peer. If this slice is not provided the default families of IPv6 and IPv4 will be provided. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--families)) +- `graceful_restart` (Attributes) GracefulRestart defines graceful restart parameters which are negotiated with this neighbor. If empty / nil, the graceful restart capability is disabled. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--graceful_restart)) +- `hold_time_seconds` (Number) HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2). Updating this value will cause a session reset. +- `keep_alive_time_seconds` (Number) KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8). It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset. +- `peer_port` (Number) PeerPort is the TCP port of the peer. 1-65535 is the range of valid port numbers that can be specified. If unset, defaults to 179. ### Nested Schema for `spec.virtual_routers.neighbors.advertised_path_attributes` Required: -- `selector_type` (String) SelectorType defines the object type on which the Selector applies:- For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs.- For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools).- For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools). +- `selector_type` (String) SelectorType defines the object type on which the Selector applies: - For 'PodCIDR' the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs. - For 'CiliumLoadBalancerIPPool' the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools). - For 'CiliumPodIPPool' the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools). Optional: -- `communities` (Attributes) Communities defines a set of community values advertised in the supported BGP Communities path attributes.If nil / not set, no BGP Communities path attribute will be advertised. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes--communities)) -- `local_preference` (Number) LocalPreference defines the preference value advertised in the BGP Local Preference path attribute.As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers(no Local Preference path attribute will be advertised).If nil / not set, the default Local Preference of 100 will be advertised inthe Local Preference path attribute for iBGP peers. -- `selector` (Attributes) Selector selects a group of objects of the SelectorTyperesulting into routes that will be announced with the configured Attributes.If nil / not set, all objects of the SelectorType are selected. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes--selector)) +- `communities` (Attributes) Communities defines a set of community values advertised in the supported BGP Communities path attributes. If nil / not set, no BGP Communities path attribute will be advertised. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes--communities)) +- `local_preference` (Number) LocalPreference defines the preference value advertised in the BGP Local Preference path attribute. As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers (no Local Preference path attribute will be advertised). If nil / not set, the default Local Preference of 100 will be advertised in the Local Preference path attribute for iBGP peers. +- `selector` (Attributes) Selector selects a group of objects of the SelectorType resulting into routes that will be announced with the configured Attributes. If nil / not set, all objects of the SelectorType are selected. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes--selector)) ### Nested Schema for `spec.virtual_routers.neighbors.advertised_path_attributes.communities` @@ -115,7 +115,7 @@ Optional: - `large` (List of String) Large holds a list of the BGP Large Communities Attribute (RFC 8092) values. - `standard` (List of String) Standard holds a list of 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined as numeric values. -- `well_known` (List of String) WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined aswell-known string aliases to their numeric values. +- `well_known` (List of String) WellKnown holds a list 'standard' 32-bit BGP Communities Attribute (RFC 1997) values defined as well-known string aliases to their numeric values. @@ -124,7 +124,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--virtual_routers--neighbors--advertised_path_attributes--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.virtual_routers.neighbors.advertised_path_attributes.selector.match_expressions` @@ -132,11 +132,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -159,7 +159,7 @@ Required: Optional: -- `restart_time_seconds` (Number) RestartTimeSeconds is the estimated time it will take for the BGPsession to be re-established with peer after a restart.After this period, peer will remove stale routes. This isdescribed RFC 4724 section 4.2. +- `restart_time_seconds` (Number) RestartTimeSeconds is the estimated time it will take for the BGP session to be re-established with peer after a restart. After this period, peer will remove stale routes. This is described RFC 4724 section 4.2. @@ -169,7 +169,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--virtual_routers--pod_ip_pool_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.virtual_routers.pod_ip_pool_selector.match_expressions` @@ -177,11 +177,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -191,7 +191,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--virtual_routers--service_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.virtual_routers.service_selector.match_expressions` @@ -199,11 +199,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -214,7 +214,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -222,8 +222,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_cidr_group_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_cidr_group_v2alpha1_manifest.md index 733c02a54..e299fcf58 100644 --- a/docs/data-sources/cilium_io_cilium_cidr_group_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_cidr_group_v2alpha1_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peersoutside the clusters) that can be referenced as a single entity fromCiliumNetworkPolicies. + CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peers outside the clusters) that can be referenced as a single entity from CiliumNetworkPolicies. --- # k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest (Data Source) -CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peersoutside the clusters) that can be referenced as a single entity fromCiliumNetworkPolicies. +CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peers outside the clusters) that can be referenced as a single entity from CiliumNetworkPolicies. ## Example Usage @@ -16,7 +16,9 @@ CiliumCIDRGroup is a list of external CIDRs (i.e: CIDRs selecting peersoutside t data "k8s_cilium_io_cilium_cidr_group_v2alpha1_manifest" "example" { metadata = { name = "some-name" - + } + spec = { + external_cidrs = [] } } ``` @@ -51,4 +53,4 @@ Optional: Required: -- `external_cid_rs` (List of String) ExternalCIDRs is a list of CIDRs selecting peers outside the clusters. +- `external_cidrs` (List of String) ExternalCIDRs is a list of CIDRs selecting peers outside the clusters. diff --git a/docs/data-sources/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.md b/docs/data-sources/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.md index 1e2452673..b55c1ddcc 100644 --- a/docs/data-sources/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_clusterwide_envoy_config_v2_manifest.md @@ -52,27 +52,24 @@ Optional: ### Nested Schema for `spec` -Required: - -- `resources` (List of Map of String) Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret. - Optional: -- `backend_services` (Attributes List) BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time. (see [below for nested schema](#nestedatt--spec--backend_services)) -- `node_selector` (Attributes) NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) -- `services` (Attributes List) Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS. (see [below for nested schema](#nestedatt--spec--services)) +- `backend_services` (Attributes List) BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time. (see [below for nested schema](#nestedatt--spec--backend_services)) +- `node_selector` (Attributes) NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `resources` (List of Map of String) Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret. +- `services` (Attributes List) Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS. (see [below for nested schema](#nestedatt--spec--services)) ### Nested Schema for `spec.backend_services` Required: -- `name` (String) Name is the name of a destination Kubernetes service that identifies trafficto be redirected. +- `name` (String) Name is the name of a destination Kubernetes service that identifies traffic to be redirected. Optional: -- `namespace` (String) Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. -- `number` (List of String) Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers. +- `namespace` (String) Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. +- `number` (List of String) Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers. @@ -81,7 +78,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -89,11 +86,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -102,10 +99,10 @@ Optional: Required: -- `name` (String) Name is the name of a destination Kubernetes service that identifies trafficto be redirected. +- `name` (String) Name is the name of a destination Kubernetes service that identifies traffic to be redirected. Optional: -- `listener` (String) Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused. -- `namespace` (String) Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. -- `ports` (List of String) Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected. +- `listener` (String) Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used. +- `namespace` (String) Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. +- `ports` (List of String) Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected. diff --git a/docs/data-sources/cilium_io_cilium_clusterwide_network_policy_v2_manifest.md b/docs/data-sources/cilium_io_cilium_clusterwide_network_policy_v2_manifest.md index ab951872b..3368789bd 100644 --- a/docs/data-sources/cilium_io_cilium_clusterwide_network_policy_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_clusterwide_network_policy_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_clusterwide_network_policy_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with anmodified version of CiliumNetworkPolicy which is cluster scoped rather thannamespace scoped. + CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped. --- # k8s_cilium_io_cilium_clusterwide_network_policy_v2_manifest (Data Source) -CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with anmodified version of CiliumNetworkPolicy which is cluster scoped rather thannamespace scoped. +CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped. ## Example Usage @@ -55,15 +55,15 @@ Optional: Optional: -- `description` (String) Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment. -- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress)) -- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress_deny)) -- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--spec--enable_default_deny)) -- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive. (see [below for nested schema](#nestedatt--spec--endpoint_selector)) -- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress)) -- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress_deny)) -- `labels` (Attributes List) Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--spec--labels)) -- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `description` (String) Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment. +- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress)) +- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress_deny)) +- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--spec--enable_default_deny)) +- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. (see [below for nested schema](#nestedatt--spec--endpoint_selector)) +- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress)) +- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress_deny)) +- `labels` (Attributes List) Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--spec--labels)) +- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--spec--node_selector)) ### Nested Schema for `spec.egress` @@ -71,17 +71,17 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--spec--egress--authentication)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--spec--egress--to_fqd_ns)) -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--spec--egress--to_fqd_ns)) +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress--to_services)) ### Nested Schema for `spec.egress.authentication` @@ -103,11 +103,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -117,8 +117,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -127,7 +127,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_endpoints.match_expressions` @@ -135,11 +135,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -148,8 +148,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -177,7 +177,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_nodes.match_expressions` @@ -185,11 +185,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -198,35 +198,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--spec--egress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls)) ### Nested Schema for `spec.egress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `spec.egress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -235,13 +235,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.egress.to_ports.originating_tls.secret` @@ -252,7 +252,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -261,12 +261,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -285,8 +285,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -294,11 +294,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `spec.egress.to_ports.rules.http.header_matches` @@ -309,9 +309,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `spec.egress.to_ports.rules.http.header_matches.secret` @@ -322,7 +322,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -332,11 +332,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -345,13 +345,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.egress.to_ports.terminating_tls.secret` @@ -362,7 +362,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -373,7 +373,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_requires.match_expressions` @@ -381,11 +381,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -423,7 +423,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_services.k8s_service_selector.selector.match_expressions` @@ -431,11 +431,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -447,16 +447,16 @@ Optional: Optional: -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress_deny--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress_deny--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress_deny--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress_deny--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress_deny--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress_deny--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress_deny--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress_deny--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress_deny--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress_deny--to_services)) ### Nested Schema for `spec.egress_deny.icmps` @@ -470,11 +470,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -484,8 +484,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -494,7 +494,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_endpoints.match_expressions` @@ -502,11 +502,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -535,7 +535,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_nodes.match_expressions` @@ -543,11 +543,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -563,12 +563,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -578,7 +578,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_requires.match_expressions` @@ -586,11 +586,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -628,7 +628,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_services.k8s_service_selector.selector.match_expressions` @@ -636,11 +636,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -652,8 +652,8 @@ Optional: Optional: -- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto egress traffic. -- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto ingress traffic. +- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to egress traffic. +- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to ingress traffic. @@ -662,7 +662,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--endpoint_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.endpoint_selector.match_expressions` @@ -670,11 +670,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -684,15 +684,15 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--spec--ingress--authentication)) -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress--to_ports)) ### Nested Schema for `spec.ingress.authentication` @@ -708,8 +708,8 @@ Required: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -718,7 +718,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_endpoints.match_expressions` @@ -726,11 +726,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -759,7 +759,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_nodes.match_expressions` @@ -767,11 +767,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -781,7 +781,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_requires.match_expressions` @@ -789,11 +789,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -809,11 +809,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -822,35 +822,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--spec--ingress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls)) ### Nested Schema for `spec.ingress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `spec.ingress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -859,13 +859,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.ingress.to_ports.originating_tls.secret` @@ -876,7 +876,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -885,12 +885,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -909,8 +909,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -918,11 +918,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `spec.ingress.to_ports.rules.http.header_matches` @@ -933,9 +933,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `spec.ingress.to_ports.rules.http.header_matches.secret` @@ -946,7 +946,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -956,11 +956,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -969,13 +969,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.ingress.to_ports.terminating_tls.secret` @@ -986,7 +986,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -997,15 +997,15 @@ Optional: Optional: -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress_deny--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress_deny--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress_deny--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress_deny--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress_deny--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress_deny--to_ports)) ### Nested Schema for `spec.ingress_deny.from_cidr_set` @@ -1013,8 +1013,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1023,7 +1023,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_endpoints.match_expressions` @@ -1031,11 +1031,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1064,7 +1064,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_nodes.match_expressions` @@ -1072,11 +1072,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1086,7 +1086,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_requires.match_expressions` @@ -1094,11 +1094,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1114,11 +1114,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1134,12 +1134,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1163,7 +1163,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -1171,11 +1171,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1185,15 +1185,15 @@ Optional: Optional: -- `description` (String) Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment. -- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress)) -- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress_deny)) -- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--specs--enable_default_deny)) -- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive. (see [below for nested schema](#nestedatt--specs--endpoint_selector)) -- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress)) -- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress_deny)) -- `labels` (Attributes List) Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--specs--labels)) -- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--specs--node_selector)) +- `description` (String) Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment. +- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress)) +- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress_deny)) +- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--specs--enable_default_deny)) +- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. (see [below for nested schema](#nestedatt--specs--endpoint_selector)) +- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress)) +- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress_deny)) +- `labels` (Attributes List) Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--specs--labels)) +- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--specs--node_selector)) ### Nested Schema for `specs.egress` @@ -1201,17 +1201,17 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--specs--egress--authentication)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--specs--egress--to_fqd_ns)) -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--specs--egress--to_fqd_ns)) +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress--to_services)) ### Nested Schema for `specs.egress.authentication` @@ -1233,11 +1233,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1247,8 +1247,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1257,7 +1257,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_endpoints.match_expressions` @@ -1265,11 +1265,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1278,8 +1278,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -1307,7 +1307,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_nodes.match_expressions` @@ -1315,11 +1315,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1328,35 +1328,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--specs--egress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls)) ### Nested Schema for `specs.egress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `specs.egress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -1365,13 +1365,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.egress.to_ports.originating_tls.secret` @@ -1382,7 +1382,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1391,12 +1391,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1415,8 +1415,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -1424,11 +1424,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `specs.egress.to_ports.rules.http.header_matches` @@ -1439,9 +1439,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `specs.egress.to_ports.rules.http.header_matches.secret` @@ -1452,7 +1452,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1462,11 +1462,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -1475,13 +1475,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.egress.to_ports.terminating_tls.secret` @@ -1492,7 +1492,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1503,7 +1503,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_requires.match_expressions` @@ -1511,11 +1511,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1553,7 +1553,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_services.k8s_service_selector.selector.match_expressions` @@ -1561,11 +1561,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1577,16 +1577,16 @@ Optional: Optional: -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress_deny--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress_deny--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress_deny--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress_deny--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress_deny--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress_deny--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress_deny--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress_deny--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress_deny--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress_deny--to_services)) ### Nested Schema for `specs.egress_deny.icmps` @@ -1600,11 +1600,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1614,8 +1614,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1624,7 +1624,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_endpoints.match_expressions` @@ -1632,11 +1632,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1665,7 +1665,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_nodes.match_expressions` @@ -1673,11 +1673,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1693,12 +1693,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1708,7 +1708,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_requires.match_expressions` @@ -1716,11 +1716,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1758,7 +1758,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_services.k8s_service_selector.selector.match_expressions` @@ -1766,11 +1766,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1782,8 +1782,8 @@ Optional: Optional: -- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto egress traffic. -- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto ingress traffic. +- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to egress traffic. +- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to ingress traffic. @@ -1792,7 +1792,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--endpoint_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.endpoint_selector.match_expressions` @@ -1800,11 +1800,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1814,15 +1814,15 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--specs--ingress--authentication)) -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress--to_ports)) ### Nested Schema for `specs.ingress.authentication` @@ -1838,8 +1838,8 @@ Required: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1848,7 +1848,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_endpoints.match_expressions` @@ -1856,11 +1856,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1889,7 +1889,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_nodes.match_expressions` @@ -1897,11 +1897,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1911,7 +1911,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_requires.match_expressions` @@ -1919,11 +1919,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1939,11 +1939,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1952,35 +1952,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--specs--ingress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls)) ### Nested Schema for `specs.ingress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `specs.ingress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -1989,13 +1989,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.ingress.to_ports.originating_tls.secret` @@ -2006,7 +2006,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2015,12 +2015,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -2039,8 +2039,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -2048,11 +2048,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `specs.ingress.to_ports.rules.http.header_matches` @@ -2063,9 +2063,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `specs.ingress.to_ports.rules.http.header_matches.secret` @@ -2076,7 +2076,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2086,11 +2086,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -2099,13 +2099,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.ingress.to_ports.terminating_tls.secret` @@ -2116,7 +2116,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2127,15 +2127,15 @@ Optional: Optional: -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress_deny--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress_deny--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress_deny--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress_deny--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress_deny--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress_deny--to_ports)) ### Nested Schema for `specs.ingress_deny.from_cidr_set` @@ -2143,8 +2143,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -2153,7 +2153,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_endpoints.match_expressions` @@ -2161,11 +2161,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2194,7 +2194,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_nodes.match_expressions` @@ -2202,11 +2202,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2216,7 +2216,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_requires.match_expressions` @@ -2224,11 +2224,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2244,11 +2244,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -2264,12 +2264,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -2293,7 +2293,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.node_selector.match_expressions` @@ -2301,8 +2301,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_egress_gateway_policy_v2_manifest.md b/docs/data-sources/cilium_io_cilium_egress_gateway_policy_v2_manifest.md index 21fb7f61d..1054c36f5 100644 --- a/docs/data-sources/cilium_io_cilium_egress_gateway_policy_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_egress_gateway_policy_v2_manifest.md @@ -54,25 +54,25 @@ Optional: Required: -- `destination_cid_rs` (List of String) DestinationCIDRs is a list of destination CIDRs for destination IP addresses.If a destination IP matches any one CIDR, it will be selected. +- `destination_cidrs` (List of String) DestinationCIDRs is a list of destination CIDRs for destination IP addresses. If a destination IP matches any one CIDR, it will be selected. - `egress_gateway` (Attributes) EgressGateway is the gateway node responsible for SNATing traffic. (see [below for nested schema](#nestedatt--spec--egress_gateway)) -- `selectors` (Attributes List) Egress represents a list of rules by which egress traffic isfiltered from the source pods. (see [below for nested schema](#nestedatt--spec--selectors)) +- `selectors` (Attributes List) Egress represents a list of rules by which egress traffic is filtered from the source pods. (see [below for nested schema](#nestedatt--spec--selectors)) Optional: -- `excluded_cid_rs` (List of String) ExcludedCIDRs is a list of destination CIDRs that will be excludedfrom the egress gateway redirection and SNAT logic.Should be a subset of destinationCIDRs otherwise it will not have anyeffect. +- `excluded_cidrs` (List of String) ExcludedCIDRs is a list of destination CIDRs that will be excluded from the egress gateway redirection and SNAT logic. Should be a subset of destinationCIDRs otherwise it will not have any effect. ### Nested Schema for `spec.egress_gateway` Required: -- `node_selector` (Attributes) This is a label selector which selects the node that should act asegress gateway for the given policy.In case multiple nodes are selected, only the first one in thelexical ordering over the node names will be used.This field follows standard label selector semantics. (see [below for nested schema](#nestedatt--spec--egress_gateway--node_selector)) +- `node_selector` (Attributes) This is a label selector which selects the node that should act as egress gateway for the given policy. In case multiple nodes are selected, only the first one in the lexical ordering over the node names will be used. This field follows standard label selector semantics. (see [below for nested schema](#nestedatt--spec--egress_gateway--node_selector)) Optional: -- `egress_ip` (String) EgressIP is the source IP address that the egress traffic is SNATedwith.Example:When set to '192.168.1.100', matching egress traffic will beredirected to the node matching the NodeSelector field and SNATedwith IP address 192.168.1.100.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route. -- `interface` (String) Interface is the network interface to which the egress IP addressthat the traffic is SNATed with is assigned.Example:When set to 'eth1', matching egress traffic will be redirected to thenode matching the NodeSelector field and SNATed with the first IPv4address assigned to the eth1 interface.When none of the Interface or EgressIP fields is specified, thepolicy will use the first IPv4 assigned to the interface with thedefault route. +- `egress_ip` (String) EgressIP is the source IP address that the egress traffic is SNATed with. Example: When set to '192.168.1.100', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with IP address 192.168.1.100. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route. +- `interface` (String) Interface is the network interface to which the egress IP address that the traffic is SNATed with is assigned. Example: When set to 'eth1', matching egress traffic will be redirected to the node matching the NodeSelector field and SNATed with the first IPv4 address assigned to the eth1 interface. When none of the Interface or EgressIP fields is specified, the policy will use the first IPv4 assigned to the interface with the default route. ### Nested Schema for `spec.egress_gateway.node_selector` @@ -80,7 +80,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_gateway--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_gateway.node_selector.match_expressions` @@ -88,11 +88,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -102,8 +102,8 @@ Optional: Optional: -- `namespace_selector` (Attributes) Selects Namespaces using cluster-scoped labels. This field follows standard labelselector semantics; if present but empty, it selects all namespaces. (see [below for nested schema](#nestedatt--spec--selectors--namespace_selector)) -- `pod_selector` (Attributes) This is a label selector which selects Pods. This field follows standard labelselector semantics; if present but empty, it selects all pods. (see [below for nested schema](#nestedatt--spec--selectors--pod_selector)) +- `namespace_selector` (Attributes) Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. (see [below for nested schema](#nestedatt--spec--selectors--namespace_selector)) +- `pod_selector` (Attributes) This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods. (see [below for nested schema](#nestedatt--spec--selectors--pod_selector)) ### Nested Schema for `spec.selectors.namespace_selector` @@ -111,7 +111,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--selectors--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.selectors.namespace_selector.match_expressions` @@ -119,11 +119,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -133,7 +133,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--selectors--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.selectors.pod_selector.match_expressions` @@ -141,8 +141,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.md index 03dfd4143..0129a2051 100644 --- a/docs/data-sources/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_endpoint_slice_v2alpha1_manifest.md @@ -31,7 +31,7 @@ data "k8s_cilium_io_cilium_endpoint_slice_v2alpha1_manifest" "example" { ### Optional -- `namespace` (String) Namespace indicate as CiliumEndpointSlice namespace.All the CiliumEndpoints within the same namespace are put togetherin CiliumEndpointSlice. +- `namespace` (String) Namespace indicate as CiliumEndpointSlice namespace. All the CiliumEndpoints within the same namespace are put together in CiliumEndpointSlice. ### Read-Only @@ -45,7 +45,7 @@ Optional: - `encryption` (Attributes) EncryptionSpec defines the encryption relevant configuration of a node. (see [below for nested schema](#nestedatt--endpoints--encryption)) - `id` (Number) IdentityID is the numeric identity of the endpoint - `name` (String) Name indicate as CiliumEndpoint name. -- `named_ports` (Attributes List) NamedPorts List of named Layer 4 port and protocol pairs which will be used in NetworkPolicy specs.swagger:model NamedPorts (see [below for nested schema](#nestedatt--endpoints--named_ports)) +- `named_ports` (Attributes List) NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network Policy specs. swagger:model NamedPorts (see [below for nested schema](#nestedatt--endpoints--named_ports)) - `networking` (Attributes) EndpointNetworking is the addressing information of an endpoint. (see [below for nested schema](#nestedatt--endpoints--networking)) @@ -53,7 +53,7 @@ Optional: Optional: -- `key` (Number) Key is the index to the key to use for encryption or 0 if encryption isdisabled. +- `key` (Number) Key is the index to the key to use for encryption or 0 if encryption is disabled. @@ -63,7 +63,7 @@ Optional: - `name` (String) Optional layer 4 port name - `port` (Number) Layer 4 port number -- `protocol` (String) Layer 4 protocolEnum: [TCP UDP SCTP ICMP ICMPV6 ANY] +- `protocol` (String) Layer 4 protocol Enum: [TCP UDP SCTP ICMP ICMPV6 ANY] @@ -75,7 +75,7 @@ Required: Optional: -- `node` (String) NodeIP is the IP of the node the endpoint is running on. The IP mustbe reachable between nodes. +- `node` (String) NodeIP is the IP of the node the endpoint is running on. The IP must be reachable between nodes. ### Nested Schema for `endpoints.networking.addressing` diff --git a/docs/data-sources/cilium_io_cilium_envoy_config_v2_manifest.md b/docs/data-sources/cilium_io_cilium_envoy_config_v2_manifest.md index 16ab31211..8b7b034e9 100644 --- a/docs/data-sources/cilium_io_cilium_envoy_config_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_envoy_config_v2_manifest.md @@ -53,27 +53,24 @@ Optional: ### Nested Schema for `spec` -Required: - -- `resources` (List of Map of String) Envoy xDS resources, a list of the following Envoy resource types:type.googleapis.com/envoy.config.listener.v3.Listener,type.googleapis.com/envoy.config.route.v3.RouteConfiguration,type.googleapis.com/envoy.config.cluster.v3.Cluster,type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, andtype.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret. - Optional: -- `backend_services` (Attributes List) BackendServices specifies Kubernetes services whose backendsare automatically synced to Envoy using EDS. Traffic for theseservices is not forwarded to an Envoy listener. This allows anEnvoy listener load balance traffic to these backends whilenormal Cilium service load balancing takes care of balancingtraffic for these services at the same time. (see [below for nested schema](#nestedatt--spec--backend_services)) -- `node_selector` (Attributes) NodeSelector is a label selector that determines to which nodesthis configuration applies.If nil, then this config applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) -- `services` (Attributes List) Services specifies Kubernetes services for which traffic isforwarded to an Envoy listener for L7 load balancing. Backendsof these services are automatically synced to Envoy usign EDS. (see [below for nested schema](#nestedatt--spec--services)) +- `backend_services` (Attributes List) BackendServices specifies Kubernetes services whose backends are automatically synced to Envoy using EDS. Traffic for these services is not forwarded to an Envoy listener. This allows an Envoy listener load balance traffic to these backends while normal Cilium service load balancing takes care of balancing traffic for these services at the same time. (see [below for nested schema](#nestedatt--spec--backend_services)) +- `node_selector` (Attributes) NodeSelector is a label selector that determines to which nodes this configuration applies. If nil, then this config applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `resources` (List of Map of String) Envoy xDS resources, a list of the following Envoy resource types: type.googleapis.com/envoy.config.listener.v3.Listener, type.googleapis.com/envoy.config.route.v3.RouteConfiguration, type.googleapis.com/envoy.config.cluster.v3.Cluster, type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment, and type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret. +- `services` (Attributes List) Services specifies Kubernetes services for which traffic is forwarded to an Envoy listener for L7 load balancing. Backends of these services are automatically synced to Envoy usign EDS. (see [below for nested schema](#nestedatt--spec--services)) ### Nested Schema for `spec.backend_services` Required: -- `name` (String) Name is the name of a destination Kubernetes service that identifies trafficto be redirected. +- `name` (String) Name is the name of a destination Kubernetes service that identifies traffic to be redirected. Optional: -- `namespace` (String) Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace defaults to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. -- `number` (List of String) Ports is a set of port numbers, which can be used for filtering in case of underlyingis exposing multiple port numbers. +- `namespace` (String) Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace defaults to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. +- `number` (List of String) Ports is a set of port numbers, which can be used for filtering in case of underlying is exposing multiple port numbers. @@ -82,7 +79,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -90,11 +87,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -103,10 +100,10 @@ Optional: Required: -- `name` (String) Name is the name of a destination Kubernetes service that identifies trafficto be redirected. +- `name` (String) Name is the name of a destination Kubernetes service that identifies traffic to be redirected. Optional: -- `listener` (String) Listener specifies the name of the Envoy listener theservice traffic is redirected to. The listener must bespecified in the Envoy 'resources' of the sameCiliumEnvoyConfig.If omitted, the first listener specified in 'resources' isused. -- `namespace` (String) Namespace is the Kubernetes service namespace.In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC,In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. -- `ports` (List of String) Ports is a set of service's frontend ports that should be redirected to the Envoylistener. By default all frontend ports of the service are redirected. +- `listener` (String) Listener specifies the name of the Envoy listener the service traffic is redirected to. The listener must be specified in the Envoy 'resources' of the same CiliumEnvoyConfig. If omitted, the first listener specified in 'resources' is used. +- `namespace` (String) Namespace is the Kubernetes service namespace. In CiliumEnvoyConfig namespace this is overridden to the namespace of the CEC, In CiliumClusterwideEnvoyConfig namespace defaults to 'default'. +- `ports` (List of String) Ports is a set of service's frontend ports that should be redirected to the Envoy listener. By default all frontend ports of the service are redirected. diff --git a/docs/data-sources/cilium_io_cilium_external_workload_v2_manifest.md b/docs/data-sources/cilium_io_cilium_external_workload_v2_manifest.md index 770b94514..08b9c8b64 100644 --- a/docs/data-sources/cilium_io_cilium_external_workload_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_external_workload_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_external_workload_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumExternalWorkload is a Kubernetes Custom Resource thatcontains a specification for an external workload that can join thecluster. The name of the CRD is the FQDN of the external workload,and it needs to match the name in the workload registration. Thelabels on the CRD object are the labels that will be used toallocate a Cilium Identity for the external workload. If'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labelsare not explicitly specified, they will be defaulted to 'default'and , respectively. 'io.cilium.k8s.policy.cluster'will always be defined as the name of the current cluster, whichdefaults to 'default'. + CiliumExternalWorkload is a Kubernetes Custom Resource that contains a specification for an external workload that can join the cluster. The name of the CRD is the FQDN of the external workload, and it needs to match the name in the workload registration. The labels on the CRD object are the labels that will be used to allocate a Cilium Identity for the external workload. If 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels are not explicitly specified, they will be defaulted to 'default' and , respectively. 'io.cilium.k8s.policy.cluster' will always be defined as the name of the current cluster, which defaults to 'default'. --- # k8s_cilium_io_cilium_external_workload_v2_manifest (Data Source) -CiliumExternalWorkload is a Kubernetes Custom Resource thatcontains a specification for an external workload that can join thecluster. The name of the CRD is the FQDN of the external workload,and it needs to match the name in the workload registration. Thelabels on the CRD object are the labels that will be used toallocate a Cilium Identity for the external workload. If'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labelsare not explicitly specified, they will be defaulted to 'default'and , respectively. 'io.cilium.k8s.policy.cluster'will always be defined as the name of the current cluster, whichdefaults to 'default'. +CiliumExternalWorkload is a Kubernetes Custom Resource that contains a specification for an external workload that can join the cluster. The name of the CRD is the FQDN of the external workload, and it needs to match the name in the workload registration. The labels on the CRD object are the labels that will be used to allocate a Cilium Identity for the external workload. If 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels are not explicitly specified, they will be defaulted to 'default' and , respectively. 'io.cilium.k8s.policy.cluster' will always be defined as the name of the current cluster, which defaults to 'default'. ## Example Usage @@ -54,5 +54,5 @@ Optional: Optional: -- `ipv4_alloc_cidr` (String) IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint. -- `ipv6_alloc_cidr` (String) IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload canuse to allocate IP addresses for the tunnel device and the health endpoint. +- `ipv4_alloc_cidr` (String) IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint. +- `ipv6_alloc_cidr` (String) IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload can use to allocate IP addresses for the tunnel device and the health endpoint. diff --git a/docs/data-sources/cilium_io_cilium_identity_v2_manifest.md b/docs/data-sources/cilium_io_cilium_identity_v2_manifest.md index 512f905f5..ff5f9de54 100644 --- a/docs/data-sources/cilium_io_cilium_identity_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_identity_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_identity_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumIdentity is a CRD that represents an identity managed by Cilium.It is intended as a backing store for identity allocation, acting as theglobal coordination backend, and can be used in place of a KVStore (such asetcd).The name of the CRD is the numeric identity and the labels on the CRD objectare the kubernetes sourced labels seen by cilium. This is currently theonly label source possible when running under kubernetes. Non-kuberneteslabels are filtered but all labels, from all sources, are places in theSecurityLabels field. These also include the source and are used to definethe identity.The labels under metav1.ObjectMeta can be used when searching forCiliumIdentity instances that include particular labels. This can be donewith invocations such as: kubectl get ciliumid -l 'foo=bar' + CiliumIdentity is a CRD that represents an identity managed by Cilium. It is intended as a backing store for identity allocation, acting as the global coordination backend, and can be used in place of a KVStore (such as etcd). The name of the CRD is the numeric identity and the labels on the CRD object are the kubernetes sourced labels seen by cilium. This is currently the only label source possible when running under kubernetes. Non-kubernetes labels are filtered but all labels, from all sources, are places in the SecurityLabels field. These also include the source and are used to define the identity. The labels under metav1.ObjectMeta can be used when searching for CiliumIdentity instances that include particular labels. This can be done with invocations such as: kubectl get ciliumid -l 'foo=bar' --- # k8s_cilium_io_cilium_identity_v2_manifest (Data Source) -CiliumIdentity is a CRD that represents an identity managed by Cilium.It is intended as a backing store for identity allocation, acting as theglobal coordination backend, and can be used in place of a KVStore (such asetcd).The name of the CRD is the numeric identity and the labels on the CRD objectare the kubernetes sourced labels seen by cilium. This is currently theonly label source possible when running under kubernetes. Non-kuberneteslabels are filtered but all labels, from all sources, are places in theSecurityLabels field. These also include the source and are used to definethe identity.The labels under metav1.ObjectMeta can be used when searching forCiliumIdentity instances that include particular labels. This can be donewith invocations such as: kubectl get ciliumid -l 'foo=bar' +CiliumIdentity is a CRD that represents an identity managed by Cilium. It is intended as a backing store for identity allocation, acting as the global coordination backend, and can be used in place of a KVStore (such as etcd). The name of the CRD is the numeric identity and the labels on the CRD object are the kubernetes sourced labels seen by cilium. This is currently the only label source possible when running under kubernetes. Non-kubernetes labels are filtered but all labels, from all sources, are places in the SecurityLabels field. These also include the source and are used to define the identity. The labels under metav1.ObjectMeta can be used when searching for CiliumIdentity instances that include particular labels. This can be done with invocations such as: kubectl get ciliumid -l 'foo=bar' ## Example Usage diff --git a/docs/data-sources/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.md index a837ace37..941ddcf98 100644 --- a/docs/data-sources/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumL2AnnouncementPolicy is a Kubernetes third-party resource whichis used to defined which nodes should announce what services on theL2 network. + CiliumL2AnnouncementPolicy is a Kubernetes third-party resource which is used to defined which nodes should announce what services on the L2 network. --- # k8s_cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest (Data Source) -CiliumL2AnnouncementPolicy is a Kubernetes third-party resource whichis used to defined which nodes should announce what services on theL2 network. +CiliumL2AnnouncementPolicy is a Kubernetes third-party resource which is used to defined which nodes should announce what services on the L2 network. ## Example Usage @@ -55,10 +55,10 @@ Optional: Optional: - `external_i_ps` (Boolean) If true, the external IPs of the services are announced -- `interfaces` (List of String) A list of regular expressions that express which network interface(s) should be usedto announce the services over. If nil, all network interfaces are used. -- `load_balancer_i_ps` (Boolean) If true, the loadbalancer IPs of the services are announcedIf nil this policy applies to all services. -- `node_selector` (Attributes) NodeSelector selects a group of nodes which will announce the IPs forthe services selected by the service selector.If nil this policy applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) -- `service_selector` (Attributes) ServiceSelector selects a set of services which will be announced over L2 networks.The loadBalancerClass for a service must be nil or specify a supported class, e.g.'io.cilium/l2-announcer'. Refer to the following document for additional detailsregarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classIf nil this policy applies to all services. (see [below for nested schema](#nestedatt--spec--service_selector)) +- `interfaces` (List of String) A list of regular expressions that express which network interface(s) should be used to announce the services over. If nil, all network interfaces are used. +- `load_balancer_i_ps` (Boolean) If true, the loadbalancer IPs of the services are announced If nil this policy applies to all services. +- `node_selector` (Attributes) NodeSelector selects a group of nodes which will announce the IPs for the services selected by the service selector. If nil this policy applies to all nodes. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `service_selector` (Attributes) ServiceSelector selects a set of services which will be announced over L2 networks. The loadBalancerClass for a service must be nil or specify a supported class, e.g. 'io.cilium/l2-announcer'. Refer to the following document for additional details regarding load balancer classes: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class If nil this policy applies to all services. (see [below for nested schema](#nestedatt--spec--service_selector)) ### Nested Schema for `spec.node_selector` @@ -66,7 +66,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -74,11 +74,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -88,7 +88,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--service_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.service_selector.match_expressions` @@ -96,8 +96,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.md index 8695bec7f..9be408fa2 100644 --- a/docs/data-sources/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumLoadBalancerIPPool is a Kubernetes third-party resource whichis used to defined pools of IPs which the operator can use to to allocateand advertise IPs for Services of type LoadBalancer. + CiliumLoadBalancerIPPool is a Kubernetes third-party resource which is used to defined pools of IPs which the operator can use to to allocate and advertise IPs for Services of type LoadBalancer. --- # k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest (Data Source) -CiliumLoadBalancerIPPool is a Kubernetes third-party resource whichis used to defined pools of IPs which the operator can use to to allocateand advertise IPs for Services of type LoadBalancer. +CiliumLoadBalancerIPPool is a Kubernetes third-party resource which is used to defined pools of IPs which the operator can use to to allocate and advertise IPs for Services of type LoadBalancer. ## Example Usage @@ -16,8 +16,8 @@ CiliumLoadBalancerIPPool is a Kubernetes third-party resource whichis used to de data "k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest" "example" { metadata = { name = "some-name" - } + spec = {} } ``` @@ -27,7 +27,10 @@ data "k8s_cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest" "example" { ### Required - `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata)) -- `spec` (Attributes) Spec is a human readable description for a BGP load balancerip pool. (see [below for nested schema](#nestedatt--spec)) + +### Optional + +- `spec` (Attributes) Spec is a human readable description for a BGP load balancer ip pool. (see [below for nested schema](#nestedatt--spec)) ### Read-Only @@ -51,9 +54,9 @@ Optional: Optional: -- `allow_first_last_i_ps` (String) AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable.If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs sincereserving the first and last IPs would make the CIDRs unusable. +- `allow_first_last_i_ps` (String) AllowFirstLastIPs, if set to 'Yes' or undefined means that the first and last IPs of each CIDR will be allocatable. If 'No', these IPs will be reserved. This field is ignored for /{31,32} and /{127,128} CIDRs since reserving the first and last IPs would make the CIDRs unusable. - `blocks` (Attributes List) Blocks is a list of CIDRs comprising this IP Pool (see [below for nested schema](#nestedatt--spec--blocks)) -- `disabled` (Boolean) Disabled, if set to true means that no new IPs will be allocated from this pool.Existing allocations will not be removed from services. +- `disabled` (Boolean) Disabled, if set to true means that no new IPs will be allocated from this pool. Existing allocations will not be removed from services. - `service_selector` (Attributes) ServiceSelector selects a set of services which are eligible to receive IPs from this (see [below for nested schema](#nestedatt--spec--service_selector)) @@ -72,7 +75,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--service_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.service_selector.match_expressions` @@ -80,8 +83,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_local_redirect_policy_v2_manifest.md b/docs/data-sources/cilium_io_cilium_local_redirect_policy_v2_manifest.md index 4e176c937..ba4c9e1f4 100644 --- a/docs/data-sources/cilium_io_cilium_local_redirect_policy_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_local_redirect_policy_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_local_redirect_policy_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains aspecification to redirect traffic locally within a node. + CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a specification to redirect traffic locally within a node. --- # k8s_cilium_io_cilium_local_redirect_policy_v2_manifest (Data Source) -CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains aspecification to redirect traffic locally within a node. +CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a specification to redirect traffic locally within a node. ## Example Usage @@ -55,13 +55,13 @@ Optional: Required: -- `redirect_backend` (Attributes) RedirectBackend specifies backend configuration to redirect traffic to.It can not be empty. (see [below for nested schema](#nestedatt--spec--redirect_backend)) -- `redirect_frontend` (Attributes) RedirectFrontend specifies frontend configuration to redirect traffic from.It can not be empty. (see [below for nested schema](#nestedatt--spec--redirect_frontend)) +- `redirect_backend` (Attributes) RedirectBackend specifies backend configuration to redirect traffic to. It can not be empty. (see [below for nested schema](#nestedatt--spec--redirect_backend)) +- `redirect_frontend` (Attributes) RedirectFrontend specifies frontend configuration to redirect traffic from. It can not be empty. (see [below for nested schema](#nestedatt--spec--redirect_frontend)) Optional: -- `description` (String) Description can be used by the creator of the policy to describe thepurpose of this policy. -- `skip_redirect_from_backend` (Boolean) SkipRedirectFromBackend indicates whether traffic matching RedirectFrontendfrom RedirectBackend should skip redirection, and hence the traffic willbe forwarded as-is.The default is false which means traffic matching RedirectFrontend willget redirected from all pods, including the RedirectBackend(s).Example: If RedirectFrontend is configured to '169.254.169.254:80' as the trafficthat needs to be redirected to backends selected by RedirectBackend, ifSkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80'from such backends will not be redirected back to the backends. Instead,the matched traffic from the backends will be forwarded to the originaldestination '169.254.169.254:80'. +- `description` (String) Description can be used by the creator of the policy to describe the purpose of this policy. +- `skip_redirect_from_backend` (Boolean) SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend from RedirectBackend should skip redirection, and hence the traffic will be forwarded as-is. The default is false which means traffic matching RedirectFrontend will get redirected from all pods, including the RedirectBackend(s). Example: If RedirectFrontend is configured to '169.254.169.254:80' as the traffic that needs to be redirected to backends selected by RedirectBackend, if SkipRedirectFromBackend is set to true, traffic going to '169.254.169.254:80' from such backends will not be redirected back to the backends. Instead, the matched traffic from the backends will be forwarded to the original destination '169.254.169.254:80'. ### Nested Schema for `spec.redirect_backend` @@ -69,7 +69,7 @@ Optional: Required: - `local_endpoint_selector` (Attributes) LocalEndpointSelector selects node local pod(s) where traffic is redirected to. (see [below for nested schema](#nestedatt--spec--redirect_backend--local_endpoint_selector)) -- `to_ports` (Attributes List) ToPorts is a list of L4 ports with protocol of node local pod(s) where trafficis redirected to.When multiple ports are specified, the ports must be named. (see [below for nested schema](#nestedatt--spec--redirect_backend--to_ports)) +- `to_ports` (Attributes List) ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic is redirected to. When multiple ports are specified, the ports must be named. (see [below for nested schema](#nestedatt--spec--redirect_backend--to_ports)) ### Nested Schema for `spec.redirect_backend.local_endpoint_selector` @@ -77,7 +77,7 @@ Required: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--redirect_backend--local_endpoint_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.redirect_backend.local_endpoint_selector.match_expressions` @@ -85,11 +85,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -99,11 +99,11 @@ Optional: Required: - `port` (String) Port is an L4 port number. The string will be strictly parsed as a single uint16. -- `protocol` (String) Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP' +- `protocol` (String) Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP' Optional: -- `name` (String) Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end. +- `name` (String) Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end. @@ -112,16 +112,16 @@ Optional: Optional: -- `address_matcher` (Attributes) AddressMatcher is a tuple {IP, port, protocol} that matches traffic to beredirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--address_matcher)) -- `service_matcher` (Attributes) ServiceMatcher specifies Kubernetes service and port that matchestraffic to be redirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--service_matcher)) +- `address_matcher` (Attributes) AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be redirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--address_matcher)) +- `service_matcher` (Attributes) ServiceMatcher specifies Kubernetes service and port that matches traffic to be redirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--service_matcher)) ### Nested Schema for `spec.redirect_frontend.address_matcher` Required: -- `ip` (String) IP is a destination ip address for traffic to be redirected.Example:When it is set to '169.254.169.254', traffic destined to'169.254.169.254' is redirected. -- `to_ports` (Attributes List) ToPorts is a list of destination L4 ports with protocol for trafficto be redirected.When multiple ports are specified, the ports must be named.Example:When set to Port: '53' and Protocol: UDP, traffic destined to port '53'with UDP protocol is redirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--address_matcher--to_ports)) +- `ip` (String) IP is a destination ip address for traffic to be redirected. Example: When it is set to '169.254.169.254', traffic destined to '169.254.169.254' is redirected. +- `to_ports` (Attributes List) ToPorts is a list of destination L4 ports with protocol for traffic to be redirected. When multiple ports are specified, the ports must be named. Example: When set to Port: '53' and Protocol: UDP, traffic destined to port '53' with UDP protocol is redirected. (see [below for nested schema](#nestedatt--spec--redirect_frontend--address_matcher--to_ports)) ### Nested Schema for `spec.redirect_frontend.address_matcher.to_ports` @@ -129,11 +129,11 @@ Required: Required: - `port` (String) Port is an L4 port number. The string will be strictly parsed as a single uint16. -- `protocol` (String) Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP' +- `protocol` (String) Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP' Optional: -- `name` (String) Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end. +- `name` (String) Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end. @@ -142,12 +142,12 @@ Optional: Required: -- `namespace` (String) Namespace is the Kubernetes service namespace.The service namespace must match the namespace of the parent LocalRedirect Policy. For Cluster-wide Local Redirect Policy, thiscan be any namespace. -- `service_name` (String) Name is the name of a destination Kubernetes service that identifies trafficto be redirected.The service type needs to be ClusterIP.Example:When this field is populated with 'serviceName:myService', all the trafficdestined to the cluster IP of this service at the (specified)service port(s) will be redirected. +- `namespace` (String) Namespace is the Kubernetes service namespace. The service namespace must match the namespace of the parent Local Redirect Policy. For Cluster-wide Local Redirect Policy, this can be any namespace. +- `service_name` (String) Name is the name of a destination Kubernetes service that identifies traffic to be redirected. The service type needs to be ClusterIP. Example: When this field is populated with 'serviceName:myService', all the traffic destined to the cluster IP of this service at the (specified) service port(s) will be redirected. Optional: -- `to_ports` (Attributes List) ToPorts is a list of destination service L4 ports with protocol fortraffic to be redirected. If not specified, traffic for all the serviceports will be redirected.When multiple ports are specified, the ports must be named. (see [below for nested schema](#nestedatt--spec--redirect_frontend--service_matcher--to_ports)) +- `to_ports` (Attributes List) ToPorts is a list of destination service L4 ports with protocol for traffic to be redirected. If not specified, traffic for all the service ports will be redirected. When multiple ports are specified, the ports must be named. (see [below for nested schema](#nestedatt--spec--redirect_frontend--service_matcher--to_ports)) ### Nested Schema for `spec.redirect_frontend.service_matcher.to_ports` @@ -155,8 +155,8 @@ Optional: Required: - `port` (String) Port is an L4 port number. The string will be strictly parsed as a single uint16. -- `protocol` (String) Protocol is the L4 protocol.Accepted values: 'TCP', 'UDP' +- `protocol` (String) Protocol is the L4 protocol. Accepted values: 'TCP', 'UDP' Optional: -- `name` (String) Name is a port name, which must contain at least one [a-z],and may also contain [0-9] and '-' anywhere except adjacent to another'-' or in the beginning or the end. +- `name` (String) Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end. diff --git a/docs/data-sources/cilium_io_cilium_network_policy_v2_manifest.md b/docs/data-sources/cilium_io_cilium_network_policy_v2_manifest.md index c7c396de9..5db75b9d2 100644 --- a/docs/data-sources/cilium_io_cilium_network_policy_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_network_policy_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_network_policy_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumNetworkPolicy is a Kubernetes third-party resource with an extendedversion of NetworkPolicy. + CiliumNetworkPolicy is a Kubernetes third-party resource with an extended version of NetworkPolicy. --- # k8s_cilium_io_cilium_network_policy_v2_manifest (Data Source) -CiliumNetworkPolicy is a Kubernetes third-party resource with an extendedversion of NetworkPolicy. +CiliumNetworkPolicy is a Kubernetes third-party resource with an extended version of NetworkPolicy. ## Example Usage @@ -56,15 +56,15 @@ Optional: Optional: -- `description` (String) Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment. -- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress)) -- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress_deny)) -- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--spec--enable_default_deny)) -- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive. (see [below for nested schema](#nestedatt--spec--endpoint_selector)) -- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress)) -- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress_deny)) -- `labels` (Attributes List) Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--spec--labels)) -- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--spec--node_selector)) +- `description` (String) Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment. +- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress)) +- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--spec--egress_deny)) +- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--spec--enable_default_deny)) +- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. (see [below for nested schema](#nestedatt--spec--endpoint_selector)) +- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress)) +- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--spec--ingress_deny)) +- `labels` (Attributes List) Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--spec--labels)) +- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--spec--node_selector)) ### Nested Schema for `spec.egress` @@ -72,17 +72,17 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--spec--egress--authentication)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--spec--egress--to_fqd_ns)) -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--spec--egress--to_fqd_ns)) +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress--to_services)) ### Nested Schema for `spec.egress.authentication` @@ -104,11 +104,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -118,8 +118,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -128,7 +128,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_endpoints.match_expressions` @@ -136,11 +136,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -149,8 +149,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -178,7 +178,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_nodes.match_expressions` @@ -186,11 +186,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -199,35 +199,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--spec--egress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls)) ### Nested Schema for `spec.egress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--spec--egress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `spec.egress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -236,13 +236,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.egress.to_ports.originating_tls.secret` @@ -253,7 +253,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -262,12 +262,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -286,8 +286,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -295,11 +295,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `spec.egress.to_ports.rules.http.header_matches` @@ -310,9 +310,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--egress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `spec.egress.to_ports.rules.http.header_matches.secret` @@ -323,7 +323,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -333,11 +333,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -346,13 +346,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--egress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.egress.to_ports.terminating_tls.secret` @@ -363,7 +363,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -374,7 +374,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_requires.match_expressions` @@ -382,11 +382,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -424,7 +424,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress.to_services.k8s_service_selector.selector.match_expressions` @@ -432,11 +432,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -448,16 +448,16 @@ Optional: Optional: -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress_deny--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress_deny--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress_deny--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress_deny--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress_deny--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--egress_deny--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--spec--egress_deny--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--egress_deny--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--spec--egress_deny--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--spec--egress_deny--to_services)) ### Nested Schema for `spec.egress_deny.icmps` @@ -471,11 +471,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -485,8 +485,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -495,7 +495,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_endpoints.match_expressions` @@ -503,11 +503,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -536,7 +536,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_nodes.match_expressions` @@ -544,11 +544,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -564,12 +564,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -579,7 +579,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_requires.match_expressions` @@ -587,11 +587,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -629,7 +629,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--egress_deny--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.egress_deny.to_services.k8s_service_selector.selector.match_expressions` @@ -637,11 +637,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -653,8 +653,8 @@ Optional: Optional: -- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto egress traffic. -- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto ingress traffic. +- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to egress traffic. +- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to ingress traffic. @@ -663,7 +663,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--endpoint_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.endpoint_selector.match_expressions` @@ -671,11 +671,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -685,15 +685,15 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--spec--ingress--authentication)) -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress--to_ports)) ### Nested Schema for `spec.ingress.authentication` @@ -709,8 +709,8 @@ Required: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -719,7 +719,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_endpoints.match_expressions` @@ -727,11 +727,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -760,7 +760,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_nodes.match_expressions` @@ -768,11 +768,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -782,7 +782,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress.from_requires.match_expressions` @@ -790,11 +790,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -810,11 +810,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -823,35 +823,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--spec--ingress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls)) ### Nested Schema for `spec.ingress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `spec.ingress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -860,13 +860,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.ingress.to_ports.originating_tls.secret` @@ -877,7 +877,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -886,12 +886,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -910,8 +910,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -919,11 +919,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `spec.ingress.to_ports.rules.http.header_matches` @@ -934,9 +934,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `spec.ingress.to_ports.rules.http.header_matches.secret` @@ -947,7 +947,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -957,11 +957,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -970,13 +970,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--spec--ingress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `spec.ingress.to_ports.terminating_tls.secret` @@ -987,7 +987,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -998,15 +998,15 @@ Optional: Optional: -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress_deny--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress_deny--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress_deny--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--spec--ingress_deny--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--spec--ingress_deny--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--spec--ingress_deny--to_ports)) ### Nested Schema for `spec.ingress_deny.from_cidr_set` @@ -1014,8 +1014,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1024,7 +1024,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_endpoints.match_expressions` @@ -1032,11 +1032,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1065,7 +1065,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_nodes.match_expressions` @@ -1073,11 +1073,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1087,7 +1087,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_deny--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_deny.from_requires.match_expressions` @@ -1095,11 +1095,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1115,11 +1115,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1135,12 +1135,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1164,7 +1164,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.node_selector.match_expressions` @@ -1172,11 +1172,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1186,15 +1186,15 @@ Optional: Optional: -- `description` (String) Description is a free form string, it can be used by the creator ofthe rule to store human readable explanation of the purpose of thisrule. Rules cannot be identified by comment. -- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress)) -- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress.Any rule inserted here will be denied regardless of the allowed egressrules in the 'egress' field.If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress_deny)) -- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures thesubject endpoint(s) to have a default deny mode. If enabled,this causes all traffic not explicitly allowed by a network policyto be dropped.If not specified, the default is true for each traffic directionthat has rules, and false otherwise. For example, if a policyonly has Ingress or IngressDeny rules, then the default foringress is true and egress is false.If multiple policies apply to an endpoint, that endpoint's default denywill be enabled if any policy requests it.This is useful for creating broad-based network policies that will notcause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--specs--enable_default_deny)) -- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject tothis rule. EndpointSelector and NodeSelector cannot be both empty andare mutually exclusive. (see [below for nested schema](#nestedatt--specs--endpoint_selector)) -- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress)) -- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress.Any rule inserted here will be denied regardless of the allowed ingressrules in the 'ingress' field.If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress_deny)) -- `labels` (Attributes List) Labels is a list of optional strings which can be used tore-identify the rule or to store metadata. It is possible to lookupor delete strings based on labels. Labels are not required to beunique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--specs--labels)) -- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule.EndpointSelector and NodeSelector cannot be both empty and are mutuallyexclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--specs--node_selector)) +- `description` (String) Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment. +- `egress` (Attributes List) Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress)) +- `egress_deny` (Attributes List) EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will be denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress. (see [below for nested schema](#nestedatt--specs--egress_deny)) +- `enable_default_deny` (Attributes) EnableDefaultDeny determines whether this policy configures the subject endpoint(s) to have a default deny mode. If enabled, this causes all traffic not explicitly allowed by a network policy to be dropped. If not specified, the default is true for each traffic direction that has rules, and false otherwise. For example, if a policy only has Ingress or IngressDeny rules, then the default for ingress is true and egress is false. If multiple policies apply to an endpoint, that endpoint's default deny will be enabled if any policy requests it. This is useful for creating broad-based network policies that will not cause endpoints to enter default-deny mode. (see [below for nested schema](#nestedatt--specs--enable_default_deny)) +- `endpoint_selector` (Attributes) EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. (see [below for nested schema](#nestedatt--specs--endpoint_selector)) +- `ingress` (Attributes List) Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress)) +- `ingress_deny` (Attributes List) IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will be denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress. (see [below for nested schema](#nestedatt--specs--ingress_deny)) +- `labels` (Attributes List) Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels. (see [below for nested schema](#nestedatt--specs--labels)) +- `node_selector` (Attributes) NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies. (see [below for nested schema](#nestedatt--specs--node_selector)) ### Nested Schema for `specs.egress` @@ -1202,17 +1202,17 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--specs--egress--authentication)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed to connect to.Example:Any endpoint with the label 'app=httpd' is allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that resultfrom DNS resolution of 'ToFQDN.MatchName's are added to the sameEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 andL7 rules within this EgressRule will also apply to these IPs.The DNS -> IP mapping is re-resolved periodically from within thecilium-agent, and the IPs in the DNS response are effected in the policyfor selected pods as-is (i.e. the list of IPs is not modified in any way).Note: An explicit rule to allow for DNS traffic is needed for the pods, asToFQDN counts as an egress rule and will enforce egress policy whenPolicyEnforcment=default.Note: If the resolved IPs are IPs within the kubernetes cluster, theToFQDN rule will not apply to that IP.Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--specs--egress--to_fqd_ns)) -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toconnect to.Example:Any endpoint with the label 'role=frontend' is allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'app=httpd' is allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_fqd_ns` (Attributes List) ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of 'ToFQDN.MatchName's are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. (see [below for nested schema](#nestedatt--specs--egress--to_fqd_ns)) +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. Example: Any endpoint with the label 'role=frontend' is allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress--to_services)) ### Nested Schema for `specs.egress.authentication` @@ -1234,11 +1234,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1248,8 +1248,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1258,7 +1258,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_endpoints.match_expressions` @@ -1266,11 +1266,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1279,8 +1279,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -1308,7 +1308,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_nodes.match_expressions` @@ -1316,11 +1316,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1329,35 +1329,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--specs--egress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls)) ### Nested Schema for `specs.egress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--specs--egress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `specs.egress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -1366,13 +1366,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.egress.to_ports.originating_tls.secret` @@ -1383,7 +1383,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1392,12 +1392,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1416,8 +1416,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -1425,11 +1425,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `specs.egress.to_ports.rules.http.header_matches` @@ -1440,9 +1440,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--egress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `specs.egress.to_ports.rules.http.header_matches.secret` @@ -1453,7 +1453,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1463,11 +1463,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -1476,13 +1476,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--egress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.egress.to_ports.terminating_tls.secret` @@ -1493,7 +1493,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -1504,7 +1504,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_requires.match_expressions` @@ -1512,11 +1512,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1554,7 +1554,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress.to_services.k8s_service_selector.selector.match_expressions` @@ -1562,11 +1562,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1578,16 +1578,16 @@ Optional: Optional: -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed to connect to.Example:Any endpoint with the label 'app=httpd' is not allowed to initiatetype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress_deny--icmps)) -- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections. Only connections destined foroutside of the cluster and not targeting the host will be subjectto CIDR rules. This will match on the destination IP address ofoutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSetwith no ExcludeCIDRs is equivalent. Overlaps are allowed betweenToCIDR and ToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 -- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the ruleis allowed to initiate connections to in addition to connectionswhich are allowed via ToEndpoints, along with a list of subnets containedwithin their corresponding IP block to which traffic should not beallowed. This will match on the destination IP address of outgoingconnections. Adding a prefix into ToCIDR or into ToCIDRSet with noExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR andToCIDRSet.Example:Any endpoint with the label 'app=database-proxy' is allowed toinitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress_deny--to_cidr_set)) -- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector towhich the endpoints subject to the rule are allowed to communicate.Example:Any endpoint with the label 'role=frontend' can communicate with anyendpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints)) -- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subjectto the rule is allowed to initiate connections. Supported entities are'world', 'cluster','host','remote-node','kube-apiserver', 'init','health','unmanaged' and 'all'. -- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:toGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress_deny--to_groups)) -- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by anEndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed to connectto.Example:Any endpoint with the label 'role=frontend' is not allowed to initiateconnections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress_deny--to_ports)) -- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be metin order for the selected endpoints to be able to connect to otherendpoints. These additional constraints do no by itself grant accessprivileges and must always be accompanied with at least one matchingToEndpoints.Example:Any Endpoint with the label 'team=A' requires any endpoint to which itcommunicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires)) -- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subjectto the rule is allowed to initiate connections.Currently Cilium only supports toServices for K8s services withoutselectors.Example:Any endpoint with the label 'app=backend-app' is allowed toinitiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress_deny--to_services)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'app=httpd' is not allowed to initiate type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--egress_deny--icmps)) +- `to_cidr` (List of String) ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 +- `to_cidr_set` (Attributes List) ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. Example: Any endpoint with the label 'app=database-proxy' is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28. (see [below for nested schema](#nestedatt--specs--egress_deny--to_cidr_set)) +- `to_endpoints` (Attributes List) ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. Example: Any endpoint with the label 'role=frontend' can communicate with any endpoint carrying the label 'role=backend'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints)) +- `to_entities` (List of String) ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are 'world', 'cluster','host','remote-node','kube-apiserver', 'init', 'health','unmanaged' and 'all'. +- `to_groups` (Attributes List) ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--egress_deny--to_groups)) +- `to_nodes` (Attributes List) ToNodes is a list of nodes identified by an EndpointSelector to which endpoints subject to the rule is allowed to communicate. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. Example: Any endpoint with the label 'role=frontend' is not allowed to initiate connections to destination port 8080/tcp (see [below for nested schema](#nestedatt--specs--egress_deny--to_ports)) +- `to_requires` (Attributes List) ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. Example: Any Endpoint with the label 'team=A' requires any endpoint to which it communicates to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires)) +- `to_services` (Attributes List) ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. Example: Any endpoint with the label 'app=backend-app' is allowed to initiate connections to all cidrs backing the 'external-service' service (see [below for nested schema](#nestedatt--specs--egress_deny--to_services)) ### Nested Schema for `specs.egress_deny.icmps` @@ -1601,11 +1601,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1615,8 +1615,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1625,7 +1625,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_endpoints.match_expressions` @@ -1633,11 +1633,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1666,7 +1666,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_nodes.match_expressions` @@ -1674,11 +1674,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1694,12 +1694,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -1709,7 +1709,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_requires.match_expressions` @@ -1717,11 +1717,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1759,7 +1759,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--egress_deny--to_services--k8s_service_selector--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.egress_deny.to_services.k8s_service_selector.selector.match_expressions` @@ -1767,11 +1767,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1783,8 +1783,8 @@ Optional: Optional: -- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto egress traffic. -- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule appliedto ingress traffic. +- `egress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to egress traffic. +- `ingress` (Boolean) Whether or not the endpoint should have a default-deny rule applied to ingress traffic. @@ -1793,7 +1793,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--endpoint_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.endpoint_selector.match_expressions` @@ -1801,11 +1801,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1815,15 +1815,15 @@ Optional: Optional: - `authentication` (Attributes) Authentication is the required authentication type for the allowed traffic, if any. (see [below for nested schema](#nestedatt--specs--ingress--authentication)) -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can only accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can only accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress--to_ports)) ### Nested Schema for `specs.ingress.authentication` @@ -1839,8 +1839,8 @@ Required: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -1849,7 +1849,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_endpoints.match_expressions` @@ -1857,11 +1857,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1890,7 +1890,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_nodes.match_expressions` @@ -1898,11 +1898,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1912,7 +1912,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress.from_requires.match_expressions` @@ -1920,11 +1920,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -1940,11 +1940,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -1953,35 +1953,35 @@ Optional: Optional: -- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should beredirected to. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener)) -- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated bythe L7 proxy. For egress policy this specifies the client-side TLSparameters for the upstream connection originating from the L7 proxyto the remote destination. For ingress policy this specifies theclient-side TLS parameters for the connection from the L7 proxy tothe local endpoint. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls)) +- `listener` (Attributes) listener specifies the name of a custom Envoy listener to which this traffic should be redirected to. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener)) +- `originating_tls` (Attributes) OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls)) - `ports` (Attributes List) Ports is a list of L4 port/protocol (see [below for nested schema](#nestedatt--specs--ingress--to_ports--ports)) -- `rules` (Attributes) Rules is a list of additional port level rules which must be met inorder for the PortRule to allow the traffic. If omitted or empty,no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules)) -- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, thenTLS must be present and one of the provided SNIs must be indicated in theTLS handshake. -- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated bythe L7 proxy. For egress policy this specifies the server-side TLSparameters to be applied on the connections originated from the localendpoint and terminated by the L7 proxy. For ingress policy this specifiesthe server-side TLS parameters to be applied on the connectionsoriginated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls)) +- `rules` (Attributes) Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules)) +- `server_names` (List of String) ServerNames is a list of allowed TLS SNI values. If not empty, then TLS must be present and one of the provided SNIs must be indicated in the TLS handshake. +- `terminating_tls` (Attributes) TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls)) ### Nested Schema for `specs.ingress.to_ports.listener` Required: -- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in whichthe listener is defined. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener--envoy_config)) +- `envoy_config` (Attributes) EnvoyConfig is a reference to the CEC or CCEC resource in which the listener is defined. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--listener--envoy_config)) - `name` (String) Name is the name of the listener. Optional: -- `priority` (Number) Priority for this Listener that is used when multiple rules would apply differentlisteners to a policy map entry. Behavior of this is implementation dependent. +- `priority` (Number) Priority for this Listener that is used when multiple rules would apply different listeners to a policy map entry. Behavior of this is implementation dependent. ### Nested Schema for `specs.ingress.to_ports.listener.envoy_config` Required: -- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig wherethe listener is defined in. +- `name` (String) Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where the listener is defined in. Optional: -- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig orCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,respectively. The only case this is currently explicitly needed is when referring to aCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listenerfrom a cluster scoped policy is not allowed. +- `kind` (String) Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, respectively. The only case this is currently explicitly needed is when referring to a CiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener from a cluster scoped policy is not allowed. @@ -1990,13 +1990,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--originating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.ingress.to_ports.originating_tls.secret` @@ -2007,7 +2007,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2016,12 +2016,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -2040,8 +2040,8 @@ Optional: Optional: -- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically addedwhen missing. -- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards arecase insensitive. The wildcards are:- '*' matches 0 or more DNS valid characters, and may occur anywhere inthe pattern. As a special case a '*' as the leftmost character, without afollowing '.' matches all subdomains as well as the name to the right.A trailing '.' is automatically added when missing.Examples:'*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not'*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does notsub*.cilium.io matches subdomains of cilium where the subdomain componentbegins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not +- `match_name` (String) MatchName matches literal DNS names. A trailing '.' is automatically added when missing. +- `match_pattern` (String) MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - '*' matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a '*' as the leftmost character, without a following '.' matches all subdomains as well as the name to the right. A trailing '.' is automatically added when missing. Examples: '*.cilium.io' matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not '*cilium.io' matches cilium.io and all subdomains ends with 'cilium.io' except those containing '.' separator, subcilium.io and sub-cilium.io match, www.cilium.io and blog.cilium.io does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with 'sub' sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not @@ -2049,11 +2049,11 @@ Optional: Optional: -- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must bepresent and match against the given values. Mismatch field can be usedto specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches)) -- `headers` (List of String) Headers is a list of HTTP headers which must be present in therequest. If omitted or empty, requests are allowed regardless ofheaders present. -- `host` (String) Host is an extended POSIX regex matched against the host header of arequest. Examples:- foo.bar.com will match the host fooXbar.com or foo-bar.com- foo.bar.com will only match the host foo.bar.comIf omitted or empty, the value of the host header is ignored. -- `method` (String) Method is an extended POSIX regex matched against the method of arequest, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ...If omitted or empty, all methods are allowed. -- `path` (String) Path is an extended POSIX regex matched against the path of arequest. Currently it can contain characters disallowed from theconventional 'path' part of a URL as defined by RFC 3986.If omitted or empty, all paths are all allowed. +- `header_matches` (Attributes List) HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches)) +- `headers` (List of String) Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present. +- `host` (String) Host is an extended POSIX regex matched against the host header of a request. Examples: - foo.bar.com will match the host fooXbar.com or foo-bar.com - foo.bar.com will only match the host foo.bar.com If omitted or empty, the value of the host header is ignored. +- `method` (String) Method is an extended POSIX regex matched against the method of a request, e.g. 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', ... If omitted or empty, all methods are allowed. +- `path` (String) Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional 'path' part of a URL as defined by RFC 3986. If omitted or empty, all paths are all allowed. ### Nested Schema for `specs.ingress.to_ports.rules.http.header_matches` @@ -2064,9 +2064,9 @@ Required: Optional: -- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default isto drop the request. Otherwise the overall rule is still considered asmatching, but the mismatches are logged in the access log. -- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against.The secret must only contain one entry. If the referred secret does notexist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches--secret)) -- `value` (String) Value matches the exact value of the header. Can be specified eitheralone or together with 'Secret'; will be used as the header value if thesecret can not be found in the latter case. +- `mismatch` (String) Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log. +- `secret` (Attributes) Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no 'Value' specified, the match will fail. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--rules--http--header_matches--secret)) +- `value` (String) Value matches the exact value of the header. Can be specified either alone or together with 'Secret'; will be used as the header value if the secret can not be found in the latter case. ### Nested Schema for `specs.ingress.to_ports.rules.http.header_matches.secret` @@ -2077,7 +2077,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2087,11 +2087,11 @@ Optional: Optional: -- `api_key` (String) APIKey is a case-insensitive string matched against the key of arequest, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et alReference: https://kafka.apache.org/protocol#protocol_api_keysIf omitted or empty, and if Role is not specified, then all keys are allowed. -- `api_version` (String) APIVersion is the version matched against the api version of theKafka message. If set, it has to be a string representing a positiveinteger.If omitted or empty, all versions are allowed. -- `client_id` (String) ClientID is the client identifier as provided in the request.From Kafka protocol documentation:This is a user supplied identifier for the client application. Theuser can use any identifier they like and it will be used whenlogging errors, monitoring aggregates, etc. For example, one mightwant to monitor not just the requests per second overall, but thenumber coming from each client application (each of which couldreside on multiple servers). This id acts as a logical groupingacross all requests from a particular client.If omitted or empty, all client identifiers are allowed. -- `role` (String) Role is a case-insensitive string and describes a group of API keysnecessary to perform certain higher-level Kafka operations such as 'produce'or 'consume'. A Role automatically expands into all APIKeys requiredto perform the specified higher-level operation.The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the ruleThis field is incompatible with the APIKey field, i.e APIKey and Rolecannot both be specified in the same rule.If omitted or empty, and if APIKey is not specified, then all keys areallowed. -- `topic` (String) Topic is the topic name contained in the message. If a Kafka requestcontains multiple topics, then all topics must be allowed or themessage will be rejected.This constraint is ignored if the matched request message typedoesn't contain any topic. Maximum size of Topic can be 249characters as per recent Kafka spec and allowed characters area-z, A-Z, 0-9, -, . and _.Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10version the length was changed from 255 to 249. For compatibilityreasons we are using 255.If omitted or empty, all topics are allowed. +- `api_key` (String) APIKey is a case-insensitive string matched against the key of a request, e.g. 'produce', 'fetch', 'createtopic', 'deletetopic', et al Reference: https://kafka.apache.org/protocol#protocol_api_keys If omitted or empty, and if Role is not specified, then all keys are allowed. +- `api_version` (String) APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. If omitted or empty, all versions are allowed. +- `client_id` (String) ClientID is the client identifier as provided in the request. From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. If omitted or empty, all client identifiers are allowed. +- `role` (String) Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as 'produce' or 'consume'. A Role automatically expands into all APIKeys required to perform the specified higher-level operation. The following values are supported: - 'produce': Allow producing to the topics specified in the rule - 'consume': Allow consuming from the topics specified in the rule This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. If omitted or empty, and if APIKey is not specified, then all keys are allowed. +- `topic` (String) Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. If omitted or empty, all topics are allowed. @@ -2100,13 +2100,13 @@ Optional: Required: -- `secret` (Attributes) Secret is the secret that contains the certificates and private key forthe TLS context.By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls--secret)) +- `secret` (Attributes) Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate. (see [below for nested schema](#nestedatt--specs--ingress--to_ports--terminating_tls--secret)) Optional: -- `certificate` (String) Certificate is the file name or k8s secret item name for the certificatechain. If omitted, 'tls.crt' is assumed, if it exists. If given, theitem must exist. -- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private keymatching the certificate chain. If omitted, 'tls.key' is assumed, if itexists. If given, the item must exist. -- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA.If omitted, 'ca.crt' is assumed, if it exists. If given, the item mustexist. +- `certificate` (String) Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist. +- `private_key` (String) PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist. +- `trusted_ca` (String) TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist. ### Nested Schema for `specs.ingress.to_ports.terminating_tls.secret` @@ -2117,7 +2117,7 @@ Required: Optional: -- `namespace` (String) Namespace is the namespace in which the secret exists. Context of usedetermines the default value if left out (e.g., 'default'). +- `namespace` (String) Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., 'default'). @@ -2128,15 +2128,15 @@ Optional: Optional: -- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from. Only connections whichdo *not* originate from the cluster or from the local host are subjectto CIDR rules. In order to allow in-cluster connectivity, use theFromEndpoints field. This will match on the source IP address ofincoming connections. Adding a prefix into FromCIDR or intoFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps areallowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.3.9.1 -- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to therule is allowed to receive connections from in addition to FromEndpoints,along with a list of subnets contained within their corresponding IP blockfrom which traffic should not be allowed.This will match on the source IP address of incoming connections. Addinga prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs isequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.Example:Any endpoint with the label 'app=my-legacy-pet' is allowed to receiveconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_cidr_set)) -- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule.Example:Any endpoint with the label 'role=backend' can be consumed by anyendpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints)) -- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subjectto the rule is allowed to receive connections from. Supported entities are'world', 'cluster' and 'host' -- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outsideproviders. Currently, only AWS is supported, and the rule can select bymultiple sub directives:Example:FromGroups:- aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress_deny--from_groups)) -- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by anEndpointSelector which are allowed to communicate with the endpointsubject to the rule. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes)) -- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be metin order for the selected endpoints to be reachable. Theseadditional constraints do no by itself grant access privileges andmust always be accompanied with at least one matching FromEndpoints.Example:Any Endpoint with the label 'team=A' requires consuming endpointto also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires)) -- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type numberwhich the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingtype 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress_deny--icmps)) -- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number andprotocol which the endpoint subject to the rule is not allowed toreceive connections on.Example:Any endpoint with the label 'app=httpd' can not accept incomingconnections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress_deny--to_ports)) +- `from_cidr` (List of String) FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.3.9.1 +- `from_cidr_set` (Attributes List) FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. Example: Any endpoint with the label 'app=my-legacy-pet' is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_cidr_set)) +- `from_endpoints` (Attributes List) FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. Example: Any endpoint with the label 'role=backend' can be consumed by any endpoint carrying the label 'role=frontend'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints)) +- `from_entities` (List of String) FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are 'world', 'cluster' and 'host' +- `from_groups` (Attributes List) FromGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX' (see [below for nested schema](#nestedatt--specs--ingress_deny--from_groups)) +- `from_nodes` (Attributes List) FromNodes is a list of nodes identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes)) +- `from_requires` (Attributes List) FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. Example: Any Endpoint with the label 'team=A' requires consuming endpoint to also carry the label 'team=A'. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires)) +- `icmps` (Attributes List) ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming type 8 ICMP connections. (see [below for nested schema](#nestedatt--specs--ingress_deny--icmps)) +- `to_ports` (Attributes List) ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. Example: Any endpoint with the label 'app=httpd' can not accept incoming connections on port 80/tcp. (see [below for nested schema](#nestedatt--specs--ingress_deny--to_ports)) ### Nested Schema for `specs.ingress_deny.from_cidr_set` @@ -2144,8 +2144,8 @@ Optional: Optional: - `cidr` (String) CIDR is a CIDR prefix / IP Block. -- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object.A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject tothe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receiveconnections from. -- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the ruleis not allowed to initiate connections to. These CIDR prefixes should becontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is notsupported yet.These exceptions are only applied to the Cidr in this CIDRRule, and do notapply to any other CIDR prefixes in any other CIDRRules. +- `cidr_group_ref` (String) CIDRGroupRef is a reference to a CiliumCIDRGroup object. A CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to the rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive connections from. +- `except` (List of String) ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not supported yet. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules. @@ -2154,7 +2154,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_endpoints--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_endpoints.match_expressions` @@ -2162,11 +2162,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2195,7 +2195,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_nodes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_nodes.match_expressions` @@ -2203,11 +2203,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2217,7 +2217,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--ingress_deny--from_requires--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.ingress_deny.from_requires.match_expressions` @@ -2225,11 +2225,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -2245,11 +2245,11 @@ Optional: Required: -- `type` (String) Type is a ICMP-type.It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply').Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply +- `type` (String) Type is a ICMP-type. It should be an 8bit code (0-255), or it's CamelCase name (for example, 'EchoReply'). Allowed ICMP types are: Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest | RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem | Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem | EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport | MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation | NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery | ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement | HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation | MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix | ExtendedEchoRequest | ExtendedEchoReply Optional: -- `family` (String) Family is a IP address version.Currently, we support 'IPv4' and 'IPv6'.'IPv4' is set as default. +- `family` (String) Family is a IP address version. Currently, we support 'IPv4' and 'IPv6'. 'IPv4' is set as default. @@ -2265,12 +2265,12 @@ Optional: Required: -- `port` (String) Port can be an L4 port number, or a name in the form of 'http'or 'http-8080'. +- `port` (String) Port can be an L4 port number, or a name in the form of 'http' or 'http-8080'. Optional: - `end_port` (Number) EndPort can only be an L4 port number. -- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocolmatches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY'Matching on ICMP is not supported.Named port specified for a container may narrow this down, but may notcontradict this. +- `protocol` (String) Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: 'TCP', 'UDP', 'SCTP', 'ANY' Matching on ICMP is not supported. Named port specified for a container may narrow this down, but may not contradict this. @@ -2294,7 +2294,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--specs--node_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `specs.node_selector.match_expressions` @@ -2302,8 +2302,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/cilium_io_cilium_node_v2_manifest.md b/docs/data-sources/cilium_io_cilium_node_v2_manifest.md index 06428f9ef..6b14734be 100644 --- a/docs/data-sources/cilium_io_cilium_node_v2_manifest.md +++ b/docs/data-sources/cilium_io_cilium_node_v2_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_node_v2_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumNode represents a node managed by Cilium. It contains a specificationto control various node specific configuration aspects and a status sectionto represent the status of the node. + CiliumNode represents a node managed by Cilium. It contains a specification to control various node specific configuration aspects and a status section to represent the status of the node. --- # k8s_cilium_io_cilium_node_v2_manifest (Data Source) -CiliumNode represents a node managed by Cilium. It contains a specificationto control various node specific configuration aspects and a status sectionto represent the status of the node. +CiliumNode represents a node managed by Cilium. It contains a specification to control various node specific configuration aspects and a status section to represent the status of the node. ## Example Usage @@ -57,10 +57,10 @@ Optional: - `bootid` (String) BootID is a unique node identifier generated on boot - `encryption` (Attributes) Encryption is the encryption configuration of the node. (see [below for nested schema](#nestedatt--spec--encryption)) - `eni` (Attributes) ENI is the AWS ENI specific configuration. (see [below for nested schema](#nestedatt--spec--eni)) -- `health` (Attributes) HealthAddressing is the addressing information for health connectivitychecking. (see [below for nested schema](#nestedatt--spec--health)) +- `health` (Attributes) HealthAddressing is the addressing information for health connectivity checking. (see [below for nested schema](#nestedatt--spec--health)) - `ingress` (Attributes) IngressAddressing is the addressing information for Ingress listener. (see [below for nested schema](#nestedatt--spec--ingress)) -- `instance_id` (String) InstanceID is the identifier of the node. This is different from thenode name which is typically the FQDN of the node. The InstanceIDtypically refers to the identifier used by the cloud provider orsome other means of identification. -- `ipam` (Attributes) IPAM is the address management specification. This section can bepopulated by a user or it can be automatically populated by an IPAMoperator. (see [below for nested schema](#nestedatt--spec--ipam)) +- `instance_id` (String) InstanceID is the identifier of the node. This is different from the node name which is typically the FQDN of the node. The InstanceID typically refers to the identifier used by the cloud provider or some other means of identification. +- `ipam` (Attributes) IPAM is the address management specification. This section can be populated by a user or it can be automatically populated by an IPAM operator. (see [below for nested schema](#nestedatt--spec--ipam)) - `nodeidentity` (Number) NodeIdentity is the Cilium numeric identity allocated for the node, if any. @@ -77,13 +77,13 @@ Optional: Optional: -- `availability_zone` (String) AvailabilityZone is the availability zone to use when allocatingENIs. +- `availability_zone` (String) AvailabilityZone is the availability zone to use when allocating ENIs. - `cidr_block` (String) CIDRBlock is vpc ipv4 CIDR - `instance_type` (String) InstanceType is the ECS instance type, e.g. 'ecs.g6.2xlarge' -- `security_group_tags` (Map of String) SecurityGroupTags is the list of tags to use when evaluating whichsecurity groups to use for the ENI. -- `security_groups` (List of String) SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance. +- `security_group_tags` (Map of String) SecurityGroupTags is the list of tags to use when evaluating which security groups to use for the ENI. +- `security_groups` (List of String) SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance. - `vpc_id` (String) VPCID is the VPC ID to use when allocating ENIs. -- `vswitch_tags` (Map of String) VSwitchTags is the list of tags to use when evaluating whichvSwitch to use for the ENI. +- `vswitch_tags` (Map of String) VSwitchTags is the list of tags to use when evaluating which vSwitch to use for the ENI. - `vswitches` (List of String) VSwitches is the ID of vSwitch available for ENI @@ -92,7 +92,7 @@ Optional: Optional: -- `interface_name` (String) InterfaceName is the name of the interface the cilium-operatorwill use to allocate all the IPs on +- `interface_name` (String) InterfaceName is the name of the interface the cilium-operator will use to allocate all the IPs on @@ -100,7 +100,7 @@ Optional: Optional: -- `key` (Number) Key is the index to the key to use for encryption or 0 if encryption isdisabled. +- `key` (Number) Key is the index to the key to use for encryption or 0 if encryption is disabled. @@ -108,22 +108,22 @@ Optional: Optional: -- `availability_zone` (String) AvailabilityZone is the availability zone to use when allocatingENIs. -- `delete_on_termination` (Boolean) DeleteOnTermination defines that the ENI should be deleted when theassociated instance is terminated. If the parameter is not set thedefault behavior is to delete the ENI on instance termination. -- `disable_prefix_delegation` (Boolean) DisablePrefixDelegation determines whether ENI prefix delegation should bedisabled on this node. -- `exclude_interface_tags` (Map of String) ExcludeInterfaceTags is the list of tags to use when excluding ENIs forCilium IP allocation. Any interface matching this set of tags will notbe managed by Cilium. -- `first_interface_index` (Number) FirstInterfaceIndex is the index of the first ENI to use for IPallocation, e.g. if the node has eth0, eth1, eth2 andFirstInterfaceIndex is set to 1, then only eth1 and eth2 will beused for IP allocation, eth0 will be ignored for PodIP allocation. -- `instance_id` (String) InstanceID is the AWS InstanceId of the node. The InstanceID is usedto retrieve AWS metadata for the node.OBSOLETE: This field is obsolete, please use Spec.InstanceID +- `availability_zone` (String) AvailabilityZone is the availability zone to use when allocating ENIs. +- `delete_on_termination` (Boolean) DeleteOnTermination defines that the ENI should be deleted when the associated instance is terminated. If the parameter is not set the default behavior is to delete the ENI on instance termination. +- `disable_prefix_delegation` (Boolean) DisablePrefixDelegation determines whether ENI prefix delegation should be disabled on this node. +- `exclude_interface_tags` (Map of String) ExcludeInterfaceTags is the list of tags to use when excluding ENIs for Cilium IP allocation. Any interface matching this set of tags will not be managed by Cilium. +- `first_interface_index` (Number) FirstInterfaceIndex is the index of the first ENI to use for IP allocation, e.g. if the node has eth0, eth1, eth2 and FirstInterfaceIndex is set to 1, then only eth1 and eth2 will be used for IP allocation, eth0 will be ignored for PodIP allocation. +- `instance_id` (String) InstanceID is the AWS InstanceId of the node. The InstanceID is used to retrieve AWS metadata for the node. OBSOLETE: This field is obsolete, please use Spec.InstanceID - `instance_type` (String) InstanceType is the AWS EC2 instance type, e.g. 'm5.large' -- `max_above_watermark` (Number) MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark -- `min_allocate` (Number) MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs.OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate -- `node_subnet_id` (String) NodeSubnetID is the subnet of the primary ENI the instance was brought upwith. It is used as a sensible default subnet to create ENIs in. -- `pre_allocate` (Number) PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved.OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate -- `security_group_tags` (Map of String) SecurityGroupTags is the list of tags to use when evaliating whatAWS security groups to use for the ENI. -- `security_groups` (List of String) SecurityGroups is the list of security groups to attach to any ENIthat is created and attached to the instance. -- `subnet_ids` (List of String) SubnetIDs is the list of subnet ids to use when evaluating what AWSsubnets to use for ENI and IP allocation. -- `subnet_tags` (Map of String) SubnetTags is the list of tags to use when evaluating what AWSsubnets to use for ENI and IP allocation. -- `use_primary_address` (Boolean) UsePrimaryAddress determines whether an ENI's primary addressshould be available for allocations on the node +- `max_above_watermark` (Number) MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark +- `min_allocate` (Number) MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs. OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate +- `node_subnet_id` (String) NodeSubnetID is the subnet of the primary ENI the instance was brought up with. It is used as a sensible default subnet to create ENIs in. +- `pre_allocate` (Number) PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved. OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate +- `security_group_tags` (Map of String) SecurityGroupTags is the list of tags to use when evaliating what AWS security groups to use for the ENI. +- `security_groups` (List of String) SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance. +- `subnet_ids` (List of String) SubnetIDs is the list of subnet ids to use when evaluating what AWS subnets to use for ENI and IP allocation. +- `subnet_tags` (Map of String) SubnetTags is the list of tags to use when evaluating what AWS subnets to use for ENI and IP allocation. +- `use_primary_address` (Boolean) UsePrimaryAddress determines whether an ENI's primary address should be available for allocations on the node - `vpc_id` (String) VpcID is the VPC ID to use when allocating ENIs. @@ -150,22 +150,22 @@ Optional: Optional: -- `ipv6_pool` (Attributes) IPv6Pool is the list of IPv6 addresses available to the node for allocation.When an IPv6 address is used, it will remain on this list but will be added toStatus.IPAM.IPv6Used (see [below for nested schema](#nestedatt--spec--ipam--ipv6_pool)) -- `max_above_watermark` (Number) MaxAboveWatermark is the maximum number of addresses to allocatebeyond the addresses needed to reach the PreAllocate watermark.Going above the watermark can help reduce the number of API calls toallocate IPs, e.g. when a new ENI is allocated, as many secondaryIPs as possible are allocated. Limiting the amount can help reducewaste of IPs. -- `max_allocate` (Number) MaxAllocate is the maximum number of IPs that can be allocated to thenode. When the current amount of allocated IPs will approach this value,the considered value for PreAllocate will decrease down to 0 in order tonot attempt to allocate more addresses than defined. -- `min_allocate` (Number) MinAllocate is the minimum number of IPs that must be allocated whenthe node is first bootstrapped. It defines the minimum base socketof addresses that must be available. After reaching this watermark,the PreAllocate and MaxAboveWatermark logic takes over to continueallocating IPs. -- `pod_cid_rs` (List of String) PodCIDRs is the list of CIDRs available to the node for allocation.When an IP is used, the IP will be added to Status.IPAM.Used -- `pool` (Attributes) Pool is the list of IPv4 addresses available to the node for allocation.When an IPv4 address is used, it will remain on this list but will be added toStatus.IPAM.Used (see [below for nested schema](#nestedatt--spec--ipam--pool)) +- `ipv6_pool` (Attributes) IPv6Pool is the list of IPv6 addresses available to the node for allocation. When an IPv6 address is used, it will remain on this list but will be added to Status.IPAM.IPv6Used (see [below for nested schema](#nestedatt--spec--ipam--ipv6_pool)) +- `max_above_watermark` (Number) MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs. +- `max_allocate` (Number) MaxAllocate is the maximum number of IPs that can be allocated to the node. When the current amount of allocated IPs will approach this value, the considered value for PreAllocate will decrease down to 0 in order to not attempt to allocate more addresses than defined. +- `min_allocate` (Number) MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs. +- `pod_cidrs` (List of String) PodCIDRs is the list of CIDRs available to the node for allocation. When an IP is used, the IP will be added to Status.IPAM.Used +- `pool` (Attributes) Pool is the list of IPv4 addresses available to the node for allocation. When an IPv4 address is used, it will remain on this list but will be added to Status.IPAM.Used (see [below for nested schema](#nestedatt--spec--ipam--pool)) - `pools` (Attributes) Pools contains the list of assigned IPAM pools for this node. (see [below for nested schema](#nestedatt--spec--ipam--pools)) -- `pre_allocate` (Number) PreAllocate defines the number of IP addresses that must beavailable for allocation in the IPAMspec. It defines the buffer ofaddresses available immediately without requiring cilium-operator toget involved. +- `pre_allocate` (Number) PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved. ### Nested Schema for `spec.ipam.ipv6_pool` Optional: -- `owner` (String) Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used. -- `resource` (String) Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI +- `owner` (String) Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used. +- `resource` (String) Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI @@ -173,8 +173,8 @@ Optional: Optional: -- `owner` (String) Owner is the owner of the IP. This field is set if the IP has beenallocated. It will be set to the pod name or another identifierrepresenting the usage of the IPThe owner field is left blank for an entry in Spec.IPAM.Pool andfilled out as the IP is used and also added to Status.IPAM.Used. -- `resource` (String) Resource is set for both available and allocated IPs, it representswhat resource the IP is associated with, e.g. in combination withAWS ENI, this will refer to the ID of the ENI +- `owner` (String) Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used. +- `resource` (String) Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI @@ -182,8 +182,8 @@ Optional: Optional: -- `allocated` (Attributes List) Allocated contains the list of pooled CIDR assigned to this node. Theoperator will add new pod CIDRs to this field, whereas the agent willremove CIDRs it has released. (see [below for nested schema](#nestedatt--spec--ipam--pools--allocated)) -- `requested` (Attributes List) Requested contains a list of IPAM pool requests, i.e. indicates how manyaddresses this node requests out of each pool listed here. This fieldis owned and written to by cilium-agent and read by the operator. (see [below for nested schema](#nestedatt--spec--ipam--pools--requested)) +- `allocated` (Attributes List) Allocated contains the list of pooled CIDR assigned to this node. The operator will add new pod CIDRs to this field, whereas the agent will remove CIDRs it has released. (see [below for nested schema](#nestedatt--spec--ipam--pools--allocated)) +- `requested` (Attributes List) Requested contains a list of IPAM pool requests, i.e. indicates how many addresses this node requests out of each pool listed here. This field is owned and written to by cilium-agent and read by the operator. (see [below for nested schema](#nestedatt--spec--ipam--pools--requested)) ### Nested Schema for `spec.ipam.pools.allocated` @@ -206,12 +206,12 @@ Required: Optional: -- `needed` (Attributes) Needed indicates how many IPs out of the above Pool this node requestsfrom the operator. The operator runs a reconciliation loop to ensure eachnode always has enough PodCIDRs allocated in each pool to fulfill therequested number of IPs here. (see [below for nested schema](#nestedatt--spec--ipam--pools--requested--needed)) +- `needed` (Attributes) Needed indicates how many IPs out of the above Pool this node requests from the operator. The operator runs a reconciliation loop to ensure each node always has enough PodCIDRs allocated in each pool to fulfill the requested number of IPs here. (see [below for nested schema](#nestedatt--spec--ipam--pools--requested--needed)) ### Nested Schema for `spec.ipam.pools.requested.needed` Optional: -- `ipv4_addrs` (Number) IPv4Addrs contains the number of requested IPv4 addresses out of a givenpool -- `ipv6_addrs` (Number) IPv6Addrs contains the number of requested IPv6 addresses out of a givenpool +- `ipv4_addrs` (Number) IPv4Addrs contains the number of requested IPv4 addresses out of a given pool +- `ipv6_addrs` (Number) IPv6Addrs contains the number of requested IPv6 addresses out of a given pool diff --git a/docs/data-sources/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.md b/docs/data-sources/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.md index 40fa87f64..5610dd17a 100644 --- a/docs/data-sources/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.md +++ b/docs/data-sources/cilium_io_cilium_pod_ip_pool_v2alpha1_manifest.md @@ -3,12 +3,12 @@ page_title: "k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest Data Source - terraform-provider-k8s" subcategory: "cilium.io" description: |- - CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAMmode). + CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode). --- # k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest (Data Source) -CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAMmode). +CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode). ## Example Usage @@ -16,8 +16,8 @@ CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the mu data "k8s_cilium_io_cilium_pod_ip_pool_v2alpha1_manifest" "example" { metadata = { name = "some-name" - } + spec = {} } ``` diff --git a/docs/data-sources/crd_projectcalico_org_felix_configuration_v1_manifest.md b/docs/data-sources/crd_projectcalico_org_felix_configuration_v1_manifest.md index 9502c9392..c1793bdb4 100644 --- a/docs/data-sources/crd_projectcalico_org_felix_configuration_v1_manifest.md +++ b/docs/data-sources/crd_projectcalico_org_felix_configuration_v1_manifest.md @@ -63,10 +63,10 @@ Optional: - `bpf_data_iface_pattern` (String) BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...). - `bpf_disable_gro_for_ifaces` (String) BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...). - `bpf_disable_unprivileged` (Boolean) BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled sysctl to disable unprivileged use of BPF. This ensures that unprivileged users cannot access Calico's BPF maps and cannot insert their own BPF programs to interfere with Calico's. [Default: true] -- `bpf_dsr_optout_cid_rs` (List of String) BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel. +- `bpf_dsr_optout_cidrs` (List of String) BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel. - `bpf_enabled` (Boolean) BPFEnabled, if enabled Felix will use the BPF dataplane. [Default: false] - `bpf_enforce_rpf` (String) BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of what is the per-interfaces or global setting. Possible values are Disabled, Strict or Loose. [Default: Loose] -- `bpf_exclude_cid_rs_from_nat` (List of String) BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT resolution so that host can handle them. A typical usecase is node local DNS cache. +- `bpf_exclude_cidrs_from_nat` (List of String) BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT resolution so that host can handle them. A typical usecase is node local DNS cache. - `bpf_ext_to_service_connmark` (Number) BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local service. This mark allows us to control how packets of that connection are routed within the host and how is routing interpreted by RPF check. [Default: 0] - `bpf_external_service_mode` (String) BPFExternalServiceMode in BPF mode, controls how connections from outside the cluster to services (node ports and cluster IPs) are forwarded to remote workloads. If set to 'Tunnel' then both request and response traffic is tunneled to the remote node. If set to 'DSR', the request traffic is tunneled but the response traffic is sent directly from the remote node. In 'DSR' mode, the remote node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel] - `bpf_force_track_packets_from_ifaces` (List of String) BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic from these interfaces to skip Calico's iptables NOTRACK rule, allowing traffic from those interfaces to be tracked by Linux conntrack. Should only be used for interfaces that are not used for the Calico fabric. For example, a docker bridge device for non-Calico-networked containers. [Default: docker+] diff --git a/docs/data-sources/crd_projectcalico_org_ip_reservation_v1_manifest.md b/docs/data-sources/crd_projectcalico_org_ip_reservation_v1_manifest.md index 4637fc8fb..463406f52 100644 --- a/docs/data-sources/crd_projectcalico_org_ip_reservation_v1_manifest.md +++ b/docs/data-sources/crd_projectcalico_org_ip_reservation_v1_manifest.md @@ -54,4 +54,4 @@ Optional: Optional: -- `reserved_cid_rs` (List of String) ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will exclude from new allocations. +- `reserved_cidrs` (List of String) ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will exclude from new allocations. diff --git a/docs/data-sources/eks_services_k8s_aws_cluster_v1alpha1_manifest.md b/docs/data-sources/eks_services_k8s_aws_cluster_v1alpha1_manifest.md index 1c54261b6..4deead2e2 100644 --- a/docs/data-sources/eks_services_k8s_aws_cluster_v1alpha1_manifest.md +++ b/docs/data-sources/eks_services_k8s_aws_cluster_v1alpha1_manifest.md @@ -78,7 +78,7 @@ Optional: - `endpoint_private_access` (Boolean) - `endpoint_public_access` (Boolean) -- `public_access_cid_rs` (List of String) +- `public_access_cidrs` (List of String) - `security_group_i_ds` (List of String) - `security_group_refs` (Attributes List) Reference field for SecurityGroupIDs (see [below for nested schema](#nestedatt--spec--resources_vpc_config--security_group_refs)) - `subnet_i_ds` (List of String) diff --git a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md index 43d03d44b..291e9f044 100644 --- a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md +++ b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md @@ -56,7 +56,7 @@ Optional: - `certificate_arn` (List of String) CertificateArn specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. - `group` (Attributes) Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams. (see [below for nested schema](#nestedatt--spec--group)) -- `inbound_cid_rs` (List of String) InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams. +- `inbound_cidrs` (List of String) InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams. - `ip_address_type` (String) IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. - `load_balancer_attributes` (Attributes List) LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams. (see [below for nested schema](#nestedatt--spec--load_balancer_attributes)) - `namespace_selector` (Attributes) NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.* if absent or present but empty, it selects all namespaces. (see [below for nested schema](#nestedatt--spec--namespace_selector)) diff --git a/docs/data-sources/flows_netobserv_io_flow_collector_v1beta1_manifest.md b/docs/data-sources/flows_netobserv_io_flow_collector_v1beta1_manifest.md index 45a6807e0..6d0877950 100644 --- a/docs/data-sources/flows_netobserv_io_flow_collector_v1beta1_manifest.md +++ b/docs/data-sources/flows_netobserv_io_flow_collector_v1beta1_manifest.md @@ -108,15 +108,15 @@ Optional: - `action` (String) Action defines the action to perform on the flows that match the filter. - `cidr` (String) CIDR defines the IP CIDR to filter flows by.Example: 10.10.10.0/24 or 100:100:100:100::/64 -- `dest_ports` (String) DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, destPorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, destPorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `dest_ports` (String) DestPorts defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example destPorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example destPorts: '80-100'. - `direction` (String) Direction defines the direction to filter flows by. - `enable` (Boolean) Set 'enable' to 'true' to enable eBPF flow filtering feature. - `icmp_code` (Number) ICMPCode defines the ICMP code to filter flows by. - `icmp_type` (Number) ICMPType defines the ICMP type to filter flows by. - `peer_ip` (String) PeerIP defines the IP address to filter flows by.Example: 10.10.10.10 -- `ports` (String) Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example, ports: 80.To filter a range of ports, use a 'start-end' range in string format. For example, ports: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `ports` (String) Ports defines the ports to filter flows by. it can be user for either source or destination ports.To filter a single port, set a single port as an integer value. For example ports: 80.To filter a range of ports, use a 'start-end' range, string format. For example ports: '80-10 - `protocol` (String) Protocol defines the protocol to filter flows by. -- `source_ports` (String) SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, sourcePorts: 80.To filter a range of ports, use a 'start-end' range in string format. For example, sourcePorts: '80-100'.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `source_ports` (String) SourcePorts defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example sourcePorts: 80.To filter a range of ports, use a 'start-end' range, string format. For example sourcePorts: '80-100'. - `tcp_flags` (String) 'tcpFlags' defines the TCP flags to filter flows by. @@ -140,15 +140,12 @@ Optional: ### Nested Schema for `spec.agent.ebpf.metrics.server.tls` -Required: - -- `type` (String) Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations. - Optional: - `insecure_skip_verify` (Boolean) 'insecureSkipVerify' allows skipping client-side verification of the provided certificate.If set to 'true', the 'providedCaFile' field is ignored. - `provided` (Attributes) TLS configuration when 'type' is set to 'PROVIDED'. (see [below for nested schema](#nestedatt--spec--agent--ebpf--metrics--server--tls--provided)) - `provided_ca_file` (Attributes) Reference to the CA file when 'type' is set to 'PROVIDED'. (see [below for nested schema](#nestedatt--spec--agent--ebpf--metrics--server--tls--provided_ca_file)) +- `type` (String) Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations. ### Nested Schema for `spec.agent.ebpf.metrics.server.tls.provided` @@ -192,10 +189,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -544,10 +537,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -1148,15 +1137,12 @@ Optional: ### Nested Schema for `spec.processor.metrics.server.tls` -Required: - -- `type` (String) Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations. - Optional: - `insecure_skip_verify` (Boolean) 'insecureSkipVerify' allows skipping client-side verification of the provided certificate.If set to 'true', the 'providedCaFile' field is ignored. - `provided` (Attributes) TLS configuration when 'type' is set to 'PROVIDED'. (see [below for nested schema](#nestedatt--spec--processor--metrics--server--tls--provided)) - `provided_ca_file` (Attributes) Reference to the CA file when 'type' is set to 'PROVIDED'. (see [below for nested schema](#nestedatt--spec--processor--metrics--server--tls--provided_ca_file)) +- `type` (String) Select the type of TLS configuration:
- 'DISABLED' (default) to not configure TLS for the endpoint.- 'PROVIDED' to manually provide cert file and a key file. [Unsupported (*)].- 'AUTO' to use OpenShift auto generated certificate using annotations. ### Nested Schema for `spec.processor.metrics.server.tls.provided` @@ -1200,10 +1186,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -1217,7 +1199,7 @@ Optional: ### Nested Schema for `spec.processor.subnet_labels.custom_labels` -Required: +Optional: - `cidrs` (List of String) List of CIDRs, such as '['1.2.3.4/32']'. - `name` (String) Label name, used to flag matching flows. @@ -1235,14 +1217,11 @@ Optional: ### Nested Schema for `spec.prometheus.querier` -Required: - -- `mode` (String) 'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
- Optional: - `enable` (Boolean) Set 'enable' to 'true' to make the Console plugin querying flow metrics from Prometheus instead of Loki whenever possible.The Console plugin can use either Loki or Prometheus as a data source for metrics (see also 'spec.loki'), or both.Not all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well,such as getting per-pod information or viewing raw flows.If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.If they are both disabled, the Console plugin is not deployed. - `manual` (Attributes) Prometheus configuration for 'Manual' mode. (see [below for nested schema](#nestedatt--spec--prometheus--querier--manual)) +- `mode` (String) 'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
- `timeout` (String) 'timeout' is the read timeout for console plugin queries to Prometheus.A timeout of zero means no timeout. diff --git a/docs/data-sources/flows_netobserv_io_flow_collector_v1beta2_manifest.md b/docs/data-sources/flows_netobserv_io_flow_collector_v1beta2_manifest.md index a100f063f..cddeb6a0b 100644 --- a/docs/data-sources/flows_netobserv_io_flow_collector_v1beta2_manifest.md +++ b/docs/data-sources/flows_netobserv_io_flow_collector_v1beta2_manifest.md @@ -243,8 +243,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -304,8 +304,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -381,8 +381,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -442,8 +442,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--agent--ebpf--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -515,15 +515,15 @@ Optional: - `action` (String) 'action' defines the action to perform on the flows that match the filter. - `cidr` (String) 'cidr' defines the IP CIDR to filter flows by.Examples: '10.10.10.0/24' or '100:100:100:100::/64' -- `dest_ports` (String) 'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'destPorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `dest_ports` (String) 'destPorts' defines the destination ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'destPorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'destPorts: '80-100''. - `direction` (String) 'direction' defines the direction to filter flows by. - `enable` (Boolean) Set 'enable' to 'true' to enable the eBPF flow filtering feature. - `icmp_code` (Number) 'icmpCode', for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by. - `icmp_type` (Number) 'icmpType', for ICMP traffic, defines the ICMP type to filter flows by. - `peer_ip` (String) 'peerIP' defines the IP address to filter flows by.Example: '10.10.10.10'. -- `ports` (String) 'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example, 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'ports: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `ports` (String) 'ports' defines the ports to filter flows by. It is used both for source and destination ports.To filter a single port, set a single port as an integer value. For example: 'ports: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'ports: '80-100''. - `protocol` (String) 'protocol' defines the protocol to filter flows by. -- `source_ports` (String) 'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example, 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example, 'sourcePorts: '80-100''.To filter two ports, use a 'port1,port2' in string format. For example, 'ports: '80,100''. +- `source_ports` (String) 'sourcePorts' defines the source ports to filter flows by.To filter a single port, set a single port as an integer value. For example: 'sourcePorts: 80'.To filter a range of ports, use a 'start-end' range in string format. For example: 'sourcePorts: '80-100''. - `tcp_flags` (String) 'tcpFlags' defines the TCP flags to filter flows by. @@ -547,15 +547,12 @@ Optional: ### Nested Schema for `spec.agent.ebpf.metrics.server.tls` -Required: - -- `type` (String) Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations. - Optional: - `insecure_skip_verify` (Boolean) 'insecureSkipVerify' allows skipping client-side verification of the provided certificate.If set to 'true', the 'providedCaFile' field is ignored. - `provided` (Attributes) TLS configuration when 'type' is set to 'Provided'. (see [below for nested schema](#nestedatt--spec--agent--ebpf--metrics--server--tls--provided)) - `provided_ca_file` (Attributes) Reference to the CA file when 'type' is set to 'Provided'. (see [below for nested schema](#nestedatt--spec--agent--ebpf--metrics--server--tls--provided_ca_file)) +- `type` (String) Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations. ### Nested Schema for `spec.agent.ebpf.metrics.server.tls.provided` @@ -599,10 +596,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -805,8 +798,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -866,8 +859,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -943,8 +936,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1004,8 +997,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--console_plugin--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1367,10 +1360,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -1646,10 +1635,6 @@ Optional: ### Nested Schema for `spec.loki` -Required: - -- `mode` (String) 'mode' must be set according to the installation mode of Loki:
- Use 'LokiStack' when Loki is managed using the Loki Operator
- Use 'Monolithic' when Loki is installed as a monolithic workload
- Use 'Microservices' when Loki is installed as microservices, but without Loki Operator
- Use 'Manual' if none of the options above match your setup
- Optional: - `advanced` (Attributes) 'advanced' allows setting some aspects of the internal configuration of the Loki clients.This section is aimed mostly for debugging and fine-grained performance optimizations. (see [below for nested schema](#nestedatt--spec--loki--advanced)) @@ -1657,6 +1642,7 @@ Optional: - `loki_stack` (Attributes) Loki configuration for 'LokiStack' mode. This is useful for an easy Loki Operator configuration.It is ignored for other modes. (see [below for nested schema](#nestedatt--spec--loki--loki_stack)) - `manual` (Attributes) Loki configuration for 'Manual' mode. This is the most flexible configuration.It is ignored for other modes. (see [below for nested schema](#nestedatt--spec--loki--manual)) - `microservices` (Attributes) Loki configuration for 'Microservices' mode.Use this option when Loki is installed using the microservices deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#microservices-mode).It is ignored for other modes. (see [below for nested schema](#nestedatt--spec--loki--microservices)) +- `mode` (String) 'mode' must be set according to the installation mode of Loki:
- Use 'LokiStack' when Loki is managed using the Loki Operator
- Use 'Monolithic' when Loki is installed as a monolithic workload
- Use 'Microservices' when Loki is installed as microservices, but without Loki Operator
- Use 'Manual' if none of the options above match your setup
- `monolithic` (Attributes) Loki configuration for 'Monolithic' mode.Use this option when Loki is installed using the monolithic deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#monolithic-mode).It is ignored for other modes. (see [below for nested schema](#nestedatt--spec--loki--monolithic)) - `read_timeout` (String) 'readTimeout' is the maximum console plugin loki query total time limit.A timeout of zero means no timeout. - `write_batch_size` (Number) 'writeBatchSize' is the maximum batch size (in bytes) of Loki logs to accumulate before sending. @@ -1677,12 +1663,9 @@ Optional: ### Nested Schema for `spec.loki.loki_stack` -Required: - -- `name` (String) Name of an existing LokiStack resource to use. - Optional: +- `name` (String) Name of an existing LokiStack resource to use. - `namespace` (String) Namespace where this 'LokiStack' resource is located. If omitted, it is assumed to be the same as 'spec.namespace'. @@ -2048,8 +2031,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2109,8 +2092,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2186,8 +2169,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2247,8 +2230,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--processor--advanced--scheduling--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2592,15 +2575,12 @@ Optional: ### Nested Schema for `spec.processor.metrics.server.tls` -Required: - -- `type` (String) Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations. - Optional: - `insecure_skip_verify` (Boolean) 'insecureSkipVerify' allows skipping client-side verification of the provided certificate.If set to 'true', the 'providedCaFile' field is ignored. - `provided` (Attributes) TLS configuration when 'type' is set to 'Provided'. (see [below for nested schema](#nestedatt--spec--processor--metrics--server--tls--provided)) - `provided_ca_file` (Attributes) Reference to the CA file when 'type' is set to 'Provided'. (see [below for nested schema](#nestedatt--spec--processor--metrics--server--tls--provided_ca_file)) +- `type` (String) Select the type of TLS configuration:
- 'Disabled' (default) to not configure TLS for the endpoint.- 'Provided' to manually provide cert file and a key file. [Unsupported (*)].- 'Auto' to use OpenShift auto generated certificate using annotations. ### Nested Schema for `spec.processor.metrics.server.tls.provided` @@ -2644,10 +2624,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -2661,7 +2637,7 @@ Optional: ### Nested Schema for `spec.processor.subnet_labels.custom_labels` -Required: +Optional: - `cidrs` (List of String) List of CIDRs, such as '['1.2.3.4/32']'. - `name` (String) Label name, used to flag matching flows. @@ -2679,14 +2655,11 @@ Optional: ### Nested Schema for `spec.prometheus.querier` -Required: - -- `mode` (String) 'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
- Optional: - `enable` (Boolean) When 'enable' is 'true', the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible.It is enbaled by default: set it to 'false' to disable this feature.The Console plugin can use either Loki or Prometheus as a data source for metrics (see also 'spec.loki'), or both.Not all queries are transposable from Loki to Prometheus. Hence, if Loki is disabled, some features of the plugin are disabled as well,such as getting per-pod information or viewing raw flows.If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle.If they are both disabled, the Console plugin is not deployed. - `manual` (Attributes) Prometheus configuration for 'Manual' mode. (see [below for nested schema](#nestedatt--spec--prometheus--querier--manual)) +- `mode` (String) 'mode' must be set according to the type of Prometheus installation that stores NetObserv metrics:
- Use 'Auto' to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- Use 'Manual' for a manual setup
- `timeout` (String) 'timeout' is the read timeout for console plugin queries to Prometheus.A timeout of zero means no timeout. diff --git a/docs/data-sources/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.md b/docs/data-sources/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.md index b03bddb73..c8b0fcb3a 100644 --- a/docs/data-sources/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.md +++ b/docs/data-sources/fluentbit_fluent_io_cluster_output_v1alpha2_manifest.md @@ -361,14 +361,12 @@ Optional: Optional: - `aws_auth` (String) Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service. -- `aws_auth_secret` (Attributes) AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service. (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret)) - `aws_external_id` (String) External ID for the AWS IAM Role specified with aws_role_arn. - `aws_region` (String) Specify the AWS region for Amazon ElasticSearch Service. - `aws_role_arn` (String) AWS IAM Role to assume to put records to your Amazon ES cluster. - `aws_sts_endpoint` (String) Specify the custom sts endpoint to be used with STS API for Amazon ElasticSearch Service. - `buffer_size` (String) Specify the buffer size used to read the response from the Elasticsearch HTTP service.This option is useful for debugging purposes where is required to read full responses,note that response size grows depending of the number of records inserted.To set an unlimited amount of memory set this value to False,otherwise the value must be according to the Unit Size specification. - `cloud_auth` (String) Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. -- `cloud_auth_secret` (Attributes) CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret)) - `cloud_id` (String) If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running. - `compress` (String) Set payload compression mechanism. Option available is 'gzip' - `current_time_index` (Boolean) Use current time for index generation instead of message record @@ -400,64 +398,6 @@ Optional: - `type` (String) Type name - `write_operation` (String) Operation to use to write in bulk requests. - -### Nested Schema for `spec.es.aws_auth_secret` - -Optional: - -- `value_from` (Attributes) ValueSource defines how to find a value's key. (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret--value_from)) - - -### Nested Schema for `spec.es.aws_auth_secret.value_from` - -Optional: - -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret--value_from--secret_key_ref)) - - -### Nested Schema for `spec.es.aws_auth_secret.value_from.secret_key_ref` - -Required: - -- `key` (String) The key of the secret to select from. Must be a valid secret key. - -Optional: - -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. -- `optional` (Boolean) Specify whether the Secret or its key must be defined - - - - - -### Nested Schema for `spec.es.cloud_auth_secret` - -Optional: - -- `value_from` (Attributes) ValueSource defines how to find a value's key. (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret--value_from)) - - -### Nested Schema for `spec.es.cloud_auth_secret.value_from` - -Optional: - -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret--value_from--secret_key_ref)) - - -### Nested Schema for `spec.es.cloud_auth_secret.value_from.secret_key_ref` - -Required: - -- `key` (String) The key of the secret to select from. Must be a valid secret key. - -Optional: - -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. -- `optional` (Boolean) Specify whether the Secret or its key must be defined - - - - ### Nested Schema for `spec.es.http_password` diff --git a/docs/data-sources/fluentbit_fluent_io_output_v1alpha2_manifest.md b/docs/data-sources/fluentbit_fluent_io_output_v1alpha2_manifest.md index 2d10adc06..d0b73d9f0 100644 --- a/docs/data-sources/fluentbit_fluent_io_output_v1alpha2_manifest.md +++ b/docs/data-sources/fluentbit_fluent_io_output_v1alpha2_manifest.md @@ -362,14 +362,12 @@ Optional: Optional: - `aws_auth` (String) Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service. -- `aws_auth_secret` (Attributes) AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service. (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret)) - `aws_external_id` (String) External ID for the AWS IAM Role specified with aws_role_arn. - `aws_region` (String) Specify the AWS region for Amazon ElasticSearch Service. - `aws_role_arn` (String) AWS IAM Role to assume to put records to your Amazon ES cluster. - `aws_sts_endpoint` (String) Specify the custom sts endpoint to be used with STS API for Amazon ElasticSearch Service. - `buffer_size` (String) Specify the buffer size used to read the response from the Elasticsearch HTTP service.This option is useful for debugging purposes where is required to read full responses,note that response size grows depending of the number of records inserted.To set an unlimited amount of memory set this value to False,otherwise the value must be according to the Unit Size specification. - `cloud_auth` (String) Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. -- `cloud_auth_secret` (Attributes) CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret)) - `cloud_id` (String) If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running. - `compress` (String) Set payload compression mechanism. Option available is 'gzip' - `current_time_index` (Boolean) Use current time for index generation instead of message record @@ -401,64 +399,6 @@ Optional: - `type` (String) Type name - `write_operation` (String) Operation to use to write in bulk requests. - -### Nested Schema for `spec.es.aws_auth_secret` - -Optional: - -- `value_from` (Attributes) ValueSource defines how to find a value's key. (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret--value_from)) - - -### Nested Schema for `spec.es.aws_auth_secret.value_from` - -Optional: - -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--es--aws_auth_secret--value_from--secret_key_ref)) - - -### Nested Schema for `spec.es.aws_auth_secret.value_from.secret_key_ref` - -Required: - -- `key` (String) The key of the secret to select from. Must be a valid secret key. - -Optional: - -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. -- `optional` (Boolean) Specify whether the Secret or its key must be defined - - - - - -### Nested Schema for `spec.es.cloud_auth_secret` - -Optional: - -- `value_from` (Attributes) ValueSource defines how to find a value's key. (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret--value_from)) - - -### Nested Schema for `spec.es.cloud_auth_secret.value_from` - -Optional: - -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--es--cloud_auth_secret--value_from--secret_key_ref)) - - -### Nested Schema for `spec.es.cloud_auth_secret.value_from.secret_key_ref` - -Required: - -- `key` (String) The key of the secret to select from. Must be a valid secret key. - -Optional: - -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. -- `optional` (Boolean) Specify whether the Secret or its key must be defined - - - - ### Nested Schema for `spec.es.http_password` diff --git a/docs/data-sources/forklift_konveyor_io_plan_v1beta1_manifest.md b/docs/data-sources/forklift_konveyor_io_plan_v1beta1_manifest.md index e3b15b494..1a7cf50c9 100644 --- a/docs/data-sources/forklift_konveyor_io_plan_v1beta1_manifest.md +++ b/docs/data-sources/forklift_konveyor_io_plan_v1beta1_manifest.md @@ -65,7 +65,7 @@ Optional: - `archived` (Boolean) Whether this plan should be archived. - `description` (String) Description - `preserve_cluster_cpu_model` (Boolean) Preserve the CPU model and flags the VM runs with in its oVirt cluster. -- `preserve_static_i_ps` (Boolean) Preserve static IPs of VMs in vSphere +- `preserve_static_i_ps` (Boolean) Preserve static IPs of VMs in vSphere (Windows only) - `transfer_network` (Attributes) The network attachment definition that should be used for disk transfer. (see [below for nested schema](#nestedatt--spec--transfer_network)) - `warm` (Boolean) Whether this is a warm migration. diff --git a/docs/data-sources/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.md b/docs/data-sources/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.md index f946cb5e1..6a1f7f8f6 100644 --- a/docs/data-sources/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.md +++ b/docs/data-sources/gateway_nginx_org_nginx_proxy_v1alpha1_manifest.md @@ -53,28 +53,8 @@ Optional: - `disable_http2` (Boolean) DisableHTTP2 defines if http2 should be disabled for all servers.Default is false, meaning http2 will be enabled for all servers. - `ip_family` (String) IPFamily specifies the IP family to be used by the NGINX.Default is 'dual', meaning the server will use both IPv4 and IPv6. -- `rewrite_client_ip` (Attributes) RewriteClientIP defines configuration for rewriting the client IP to the original client's IP. (see [below for nested schema](#nestedatt--spec--rewrite_client_ip)) - `telemetry` (Attributes) Telemetry specifies the OpenTelemetry configuration. (see [below for nested schema](#nestedatt--spec--telemetry)) - -### Nested Schema for `spec.rewrite_client_ip` - -Optional: - -- `mode` (String) Mode defines how NGINX will rewrite the client's IP address.There are two possible modes:- ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.- XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header -- `set_ip_recursively` (Boolean) SetIPRecursively configures whether recursive search is used when selecting the client's address fromthe X-Forwarded-For header. It is used in conjunction with TrustedAddresses.If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of arrayto start of array and select the first untrusted IP.For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],and TrustedAddresses is set to 55.55.55.1/32, NGINX will rewrite the client IP to 22.22.22.22.If disabled, NGINX will select the IP at the end of the array.In the previous example, 55.55.55.1 would be selected.Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive -- `trusted_addresses` (Attributes List) TrustedAddresses specifies the addresses that are trusted to send correct client IP information.If a request comes from a trusted address, NGINX will rewrite the client IP information,and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.If the request does not come from a trusted address, NGINX will not rewrite the client IP information.TrustedAddresses only supports CIDR blocks: 192.33.21.1/24, fe80::1/64.To trust all addresses (not recommended for production), set to 0.0.0.0/0.If no addresses are provided, NGINX will not rewrite the client IP information.Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_fromThis field is required if mode is set. (see [below for nested schema](#nestedatt--spec--rewrite_client_ip--trusted_addresses)) - - -### Nested Schema for `spec.rewrite_client_ip.trusted_addresses` - -Optional: - -- `type` (String) Type specifies the type of address.Default is 'cidr' which specifies that the address is a CIDR block. -- `value` (String) Value specifies the address value. - - - ### Nested Schema for `spec.telemetry` diff --git a/docs/data-sources/gateway_solo_io_gateway_v1_manifest.md b/docs/data-sources/gateway_solo_io_gateway_v1_manifest.md index 4316b742f..77cbe4378 100644 --- a/docs/data-sources/gateway_solo_io_gateway_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_gateway_v1_manifest.md @@ -1349,10 +1349,6 @@ Optional: Optional: -- `max_buffered_rx_bytes` (Number) -- `max_buffered_tx_bytes` (Number) -- `record_downstream_connection` (Boolean) -- `record_headers_received_time` (Boolean) - `sinks` (Attributes List) (see [below for nested schema](#nestedatt--spec--http_gateway--options--tap--sinks)) @@ -3265,10 +3261,6 @@ Optional: Optional: -- `max_buffered_rx_bytes` (Number) -- `max_buffered_tx_bytes` (Number) -- `record_downstream_connection` (Boolean) -- `record_headers_received_time` (Boolean) - `sinks` (Attributes List) (see [below for nested schema](#nestedatt--spec--hybrid_gateway--matched_gateways--http_gateway--options--tap--sinks)) diff --git a/docs/data-sources/gateway_solo_io_matchable_http_gateway_v1_manifest.md b/docs/data-sources/gateway_solo_io_matchable_http_gateway_v1_manifest.md index 707b2fc64..1c035d370 100644 --- a/docs/data-sources/gateway_solo_io_matchable_http_gateway_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_matchable_http_gateway_v1_manifest.md @@ -1341,10 +1341,6 @@ Optional: Optional: -- `max_buffered_rx_bytes` (Number) -- `max_buffered_tx_bytes` (Number) -- `record_downstream_connection` (Boolean) -- `record_headers_received_time` (Boolean) - `sinks` (Attributes List) (see [below for nested schema](#nestedatt--spec--http_gateway--options--tap--sinks)) diff --git a/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md b/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md index 40325cbe1..b9a080a7e 100644 --- a/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md @@ -220,38 +220,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--rag--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--rag--embedding--openai)) - -### Nested Schema for `spec.options.ai.rag.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--rag--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.options.ai.rag.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--rag--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.options.ai.rag.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.options.ai.rag.embedding.openai` @@ -312,38 +282,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--semantic_cache--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--semantic_cache--embedding--openai)) - -### Nested Schema for `spec.options.ai.semantic_cache.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--semantic_cache--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.options.ai.semantic_cache.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--semantic_cache--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.options.ai.semantic_cache.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.options.ai.semantic_cache.embedding.openai` @@ -801,7 +741,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--options--jwt_providers_staged--after_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.options.jwt_providers_staged.after_ext_auth.providers` @@ -898,7 +837,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--options--jwt_providers_staged--before_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.options.jwt_providers_staged.before_ext_auth.providers` diff --git a/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md b/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md index 72411253b..efb18fa48 100644 --- a/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md @@ -331,38 +331,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--rag--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--rag--embedding--openai)) - -### Nested Schema for `spec.routes.options.ai.rag.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--rag--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.routes.options.ai.rag.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--rag--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.routes.options.ai.rag.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.routes.options.ai.rag.embedding.openai` @@ -423,38 +393,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--semantic_cache--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--semantic_cache--embedding--openai)) - -### Nested Schema for `spec.routes.options.ai.semantic_cache.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--semantic_cache--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.routes.options.ai.semantic_cache.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--semantic_cache--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.routes.options.ai.semantic_cache.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.routes.options.ai.semantic_cache.embedding.openai` @@ -912,7 +852,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--jwt_providers_staged--after_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.routes.options.jwt_providers_staged.after_ext_auth.providers` @@ -1009,7 +948,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--jwt_providers_staged--before_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.routes.options.jwt_providers_staged.before_ext_auth.providers` diff --git a/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md b/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md index 310b3b53c..555529df4 100644 --- a/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md @@ -466,7 +466,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--options--jwt--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.options.jwt.providers` @@ -571,7 +570,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--options--jwt_staged--after_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.options.jwt_staged.after_ext_auth.providers` @@ -668,7 +666,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--options--jwt_staged--before_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.options.jwt_staged.before_ext_auth.providers` diff --git a/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md b/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md index 660429683..f4408bb11 100644 --- a/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md +++ b/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md @@ -555,7 +555,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--options--jwt--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.virtual_host.options.jwt.providers` @@ -660,7 +659,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--options--jwt_staged--after_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.virtual_host.options.jwt_staged.after_ext_auth.providers` @@ -757,7 +755,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--options--jwt_staged--before_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.virtual_host.options.jwt_staged.before_ext_auth.providers` @@ -3889,38 +3886,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--rag--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--rag--embedding--openai)) - -### Nested Schema for `spec.virtual_host.routes.options.ai.rag.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--rag--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.virtual_host.routes.options.ai.rag.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--rag--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.virtual_host.routes.options.ai.rag.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.virtual_host.routes.options.ai.rag.embedding.openai` @@ -3981,38 +3948,8 @@ Optional: Optional: -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--semantic_cache--embedding--azure_openai)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--semantic_cache--embedding--openai)) - -### Nested Schema for `spec.virtual_host.routes.options.ai.semantic_cache.embedding.azure_openai` - -Optional: - -- `api_version` (String) -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--semantic_cache--embedding--azure_openai--auth_token)) -- `deployment_name` (String) -- `endpoint` (String) - - -### Nested Schema for `spec.virtual_host.routes.options.ai.semantic_cache.embedding.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--semantic_cache--embedding--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.virtual_host.routes.options.ai.semantic_cache.embedding.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.virtual_host.routes.options.ai.semantic_cache.embedding.openai` @@ -4470,7 +4407,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--jwt_providers_staged--after_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.virtual_host.routes.options.jwt_providers_staged.after_ext_auth.providers` @@ -4567,7 +4503,6 @@ Optional: - `allow_missing_or_failed_jwt` (Boolean) - `providers` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--jwt_providers_staged--before_ext_auth--providers)) -- `validation_policy` (String) ### Nested Schema for `spec.virtual_host.routes.options.jwt_providers_staged.before_ext_auth.providers` diff --git a/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md b/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md index f41c16d16..1fd5809a8 100644 --- a/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md +++ b/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md @@ -95,7 +95,6 @@ Optional: Optional: - `anthropic` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--anthropic)) -- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--azure_openai)) - `mistral` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--mistral)) - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--openai)) @@ -136,33 +135,6 @@ Optional: - -### Nested Schema for `spec.ai.azure_openai` - -Optional: - -- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--azure_openai--auth_token)) -- `endpoint` (String) - - -### Nested Schema for `spec.ai.azure_openai.auth_token` - -Optional: - -- `inline` (String) -- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--azure_openai--auth_token--secret_ref)) - - -### Nested Schema for `spec.ai.azure_openai.auth_token.secret_ref` - -Optional: - -- `name` (String) -- `namespace` (String) - - - - ### Nested Schema for `spec.ai.mistral` diff --git a/docs/data-sources/hive_openshift_io_machine_pool_v1_manifest.md b/docs/data-sources/hive_openshift_io_machine_pool_v1_manifest.md index 8fa3c5b5b..f64189076 100644 --- a/docs/data-sources/hive_openshift_io_machine_pool_v1_manifest.md +++ b/docs/data-sources/hive_openshift_io_machine_pool_v1_manifest.md @@ -150,7 +150,6 @@ Optional: - `network_resource_group_name` (String) NetworkResourceGroupName specifies the network resource group that contains an existing VNet. Ignored unless VirtualNetwork is also specified. - `os_image` (Attributes) OSImage defines the image to use for the OS. (see [below for nested schema](#nestedatt--spec--platform--azure--os_image)) - `virtual_network` (String) VirtualNetwork specifies the name of an existing VNet for the Machines to use If omitted, the default (${infraID}-vnet) will be used. -- `vm_networking_type` (String) VMNetworkingType specifies whether to enable accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. eg. values: 'Accelerated', 'Basic' - `zones` (List of String) Zones is list of availability zones that can be used. eg. ['1', '2', '3'] diff --git a/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.md b/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.md index 87731a163..9bfa03922 100644 --- a/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.md +++ b/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta1_manifest.md @@ -53,16 +53,13 @@ Optional: ### Nested Schema for `spec` -Required: - -- `image` (String) Image is the name of the image repository -- `interval` (String) Interval is the length of time to wait betweenscans of the image repository. - Optional: - `access_from` (Attributes) AccessFrom defines an ACL for allowing cross-namespace referencesto the ImageRepository object based on the caller's namespace labels. (see [below for nested schema](#nestedatt--spec--access_from)) - `cert_secret_ref` (Attributes) CertSecretRef can be given the name of a secret containingeither or both of - a PEM-encoded client certificate ('certFile') and private key ('keyFile'); - a PEM-encoded CA certificate ('caFile') and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. (see [below for nested schema](#nestedatt--spec--cert_secret_ref)) - `exclusion_list` (List of String) ExclusionList is a list of regex strings used to exclude certain tagsfrom being stored in the database. +- `image` (String) Image is the name of the image repository +- `interval` (String) Interval is the length of time to wait betweenscans of the image repository. - `secret_ref` (Attributes) SecretRef can be given the name of a secret containingcredentials to use for the image registry. The secret should becreated with 'kubectl create secret docker-registry', or theequivalent. (see [below for nested schema](#nestedatt--spec--secret_ref)) - `service_account_name` (String) ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticatethe image pull if the service account has attached pull secrets. - `suspend` (Boolean) This flag tells the controller to suspend subsequent image scans.It does not apply to already started scans. Defaults to false. diff --git a/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.md b/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.md index be5314f0f..f1db50e75 100644 --- a/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.md +++ b/docs/data-sources/image_toolkit_fluxcd_io_image_repository_v1beta2_manifest.md @@ -53,19 +53,15 @@ Optional: ### Nested Schema for `spec` -Required: - -- `image` (String) Image is the name of the image repository -- `interval` (String) Interval is the length of time to wait betweenscans of the image repository. - Optional: - `access_from` (Attributes) AccessFrom defines an ACL for allowing cross-namespace referencesto the ImageRepository object based on the caller's namespace labels. (see [below for nested schema](#nestedatt--spec--access_from)) - `cert_secret_ref` (Attributes) CertSecretRef can be given the name of a Secret containingeither or both of- a PEM-encoded client certificate ('tls.crt') and privatekey ('tls.key');- a PEM-encoded CA certificate ('ca.crt')and whichever are supplied, will be used for connecting to theregistry. The client cert and key are useful if you areauthenticating with a certificate; the CA cert is useful ifyou are using a self-signed server certificate. The Secret mustbe of type 'Opaque' or 'kubernetes.io/tls'.Note: Support for the 'caFile', 'certFile' and 'keyFile' keys hasbeen deprecated. (see [below for nested schema](#nestedatt--spec--cert_secret_ref)) - `exclusion_list` (List of String) ExclusionList is a list of regex strings used to exclude certain tagsfrom being stored in the database. +- `image` (String) Image is the name of the image repository - `insecure` (Boolean) Insecure allows connecting to a non-TLS HTTP container registry. +- `interval` (String) Interval is the length of time to wait betweenscans of the image repository. - `provider` (String) The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.When not specified, defaults to 'generic'. -- `proxy_secret_ref` (Attributes) ProxySecretRef specifies the Secret containing the proxy configurationto use while communicating with the container registry. (see [below for nested schema](#nestedatt--spec--proxy_secret_ref)) - `secret_ref` (Attributes) SecretRef can be given the name of a secret containingcredentials to use for the image registry. The secret should becreated with 'kubectl create secret docker-registry', or theequivalent. (see [below for nested schema](#nestedatt--spec--secret_ref)) - `service_account_name` (String) ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticatethe image pull if the service account has attached pull secrets. - `suspend` (Boolean) This flag tells the controller to suspend subsequent image scans.It does not apply to already started scans. Defaults to false. @@ -95,14 +91,6 @@ Required: - `name` (String) Name of the referent. - -### Nested Schema for `spec.proxy_secret_ref` - -Required: - -- `name` (String) Name of the referent. - - ### Nested Schema for `spec.secret_ref` diff --git a/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.md b/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.md index 90e0f19be..083c5cc3d 100644 --- a/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.md +++ b/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest.md @@ -117,7 +117,7 @@ Optional: ### Nested Schema for `spec.git.commit.signing_key` -Required: +Optional: - `secret_ref` (Attributes) SecretRef holds the name to a secret that contains a 'git.asc' keycorresponding to the ASCII Armored file containing the GPG signingkeypair as the value. It must be in the same namespace as theImageUpdateAutomation. (see [below for nested schema](#nestedatt--spec--git--commit--signing_key--secret_ref)) diff --git a/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.md b/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.md index a652d2fb4..18dedd53f 100644 --- a/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.md +++ b/docs/data-sources/image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest.md @@ -118,7 +118,7 @@ Optional: ### Nested Schema for `spec.git.commit.signing_key` -Required: +Optional: - `secret_ref` (Attributes) SecretRef holds the name to a secret that contains a 'git.asc' keycorresponding to the ASCII Armored file containing the GPG signingkeypair as the value. It must be in the same namespace as theImageUpdateAutomation. (see [below for nested schema](#nestedatt--spec--git--commit--signing_key--secret_ref)) diff --git a/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md index 696d7b6c7..c588a5cc0 100644 --- a/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md +++ b/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md @@ -3304,7 +3304,6 @@ Optional: Optional: - `metadata` (Attributes) Metadata defines additional metadata for the Galera recovery Jobs. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--metadata)) -- `pod_affinity` (Boolean) PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true. - `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--resources)) diff --git a/docs/data-sources/kueue_x_k8s_io_workload_v1beta1_manifest.md b/docs/data-sources/kueue_x_k8s_io_workload_v1beta1_manifest.md index fe207b07c..072b4244f 100644 --- a/docs/data-sources/kueue_x_k8s_io_workload_v1beta1_manifest.md +++ b/docs/data-sources/kueue_x_k8s_io_workload_v1beta1_manifest.md @@ -122,9 +122,9 @@ Optional: - `hostname` (String) Specifies the hostname of the PodIf not specified, the pod's hostname will be set to a system-defined value. - `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.If specified, these secrets will be passed to individual puller implementations for them to use.More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--image_pull_secrets)) - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--init_containers)) -- `node_name` (String) NodeName indicates in which node this pod is scheduled.If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.This field should not be used to express a desire for the pod to be scheduled on a specific node.https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename +- `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.securityContext.supplementalGroupsPolicy- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -210,7 +210,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -248,7 +248,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -268,7 +268,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -277,7 +277,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret must be defined @@ -603,10 +603,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -618,7 +614,7 @@ Optional: - `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--containers--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--containers--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. @@ -914,8 +910,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -975,8 +971,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1052,8 +1048,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1113,8 +1109,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1249,7 +1245,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -1287,7 +1283,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -1307,7 +1303,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -1316,7 +1312,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret must be defined @@ -1642,10 +1638,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -1657,7 +1649,7 @@ Optional: - `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--ephemeral_containers--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--ephemeral_containers--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. @@ -1839,7 +1831,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -1906,7 +1898,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined @@ -1944,7 +1936,7 @@ Required: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret or its key must be defined @@ -1964,7 +1956,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the ConfigMap must be defined @@ -1973,7 +1965,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) Specify whether the Secret must be defined @@ -2299,10 +2291,6 @@ Required: - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. -Optional: - -- `request` (String) Request is the name chosen for a request in the referenced claim.If empty, everything from the claim is made available, otherwiseonly the result of this request. - @@ -2314,7 +2302,7 @@ Optional: - `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--init_containers--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--init_containers--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. -- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default value is Default which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. +- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem.Default is false.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that itdoes not run as UID 0 (root) and fail to start the container if it does.If unset or false, no such validation will be performed.May also be set in PodSecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedence. @@ -2504,8 +2492,16 @@ Required: Optional: -- `resource_claim_name` (String) ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set. -- `resource_claim_template_name` (String) ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim.Exactly one of ResourceClaimName and ResourceClaimTemplateName mustbe set. +- `source` (Attributes) Source describes where to find the ResourceClaim. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--resource_claims--source)) + + +### Nested Schema for `spec.pod_sets.template.spec.resource_claims.source` + +Optional: + +- `resource_claim_name` (String) ResourceClaimName is the name of a ResourceClaim object in the samenamespace as this pod. +- `resource_claim_template_name` (String) ResourceClaimTemplateName is the name of a ResourceClaimTemplateobject in the same namespace as this pod.The template will be used to create a new ResourceClaim, which willbe bound to this pod. When this pod is deleted, the ResourceClaimwill also be deleted. The pod name and resource name, along with agenerated component, will be used to form a unique name for theResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.This field is immutable and no changes will be made to thecorresponding ResourceClaim by the control plane after creating theResourceClaim. + @@ -2529,8 +2525,7 @@ Optional: - `run_as_user` (Number) The UID to run the entrypoint of the container process.Defaults to user specified in image metadata if unspecified.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. - `se_linux_options` (Attributes) The SELinux context to be applied to all containers.If unspecified, the container runtime will allocate a random SELinux context for eachcontainer. May also be set in SecurityContext. If set inboth SecurityContext and PodSecurityContext, the value specified in SecurityContexttakes precedence for that container.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--security_context--se_linux_options)) - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--security_context--seccomp_profile)) -- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, inaddition to the container's primary GID and fsGroup (if specified). Ifthe SupplementalGroupsPolicy feature is enabled, thesupplementalGroupsPolicy field determines whether these are in additionto or instead of any group memberships defined in the container image.If unspecified, no additional groups are added, though group membershipsdefined in the container image may still be used, depending on thesupplementalGroupsPolicy field.Note that this field cannot be set when spec.os.name is windows. -- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated.Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used.(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabledand the container runtime must implement support for this feature.Note that this field cannot be set when spec.os.name is windows. +- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in additionto the container's primary GID, the fsGroup (if specified), and group membershipsdefined in the container image for the uid of the container process. If unspecified,no additional groups are added to any container. Note that group membershipsdefined in the container image for the uid of the container process are still effective,even if they are not included in this list.Note that this field cannot be set when spec.os.name is windows. - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--security_context--windows_options)) @@ -2667,8 +2662,7 @@ Optional: - `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--gce_persistent_disk)) - `git_repo` (Attributes) gitRepo represents a git repository at a particular revision.DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount anEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDirinto the Pod's container. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--git_repo)) - `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--glusterfs)) -- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--host_path)) -- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.The volume is resolved at pod startup depending on which PullPolicy value is provided:- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.The volume will be mounted read-only (ro) and non-executable files (noexec).Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--image)) +- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the hostmachine that is directly exposed to the container. This is generallyused for system agents or other privileged things that are allowedto see the host machine. Most containers will NOT need this.More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath---TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can notmount host directories as read/write. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--host_path)) - `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to akubelet's host machine and then exposed to the pod.More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--iscsi)) - `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetimeMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--nfs)) - `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to aPersistentVolumeClaim in the same namespace.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--persistent_volume_claim)) @@ -2691,7 +2685,7 @@ Required: Optional: -- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreTODO: how do we prevent errors in the filesystem from compromising the machine - `partition` (Number) partition is the partition in the volume that you want to mount.If omitted, the default is to mount by volume name.Examples: For volume /dev/sda1, you specify the partition as '1'.Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). - `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts.More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -2745,7 +2739,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -2767,7 +2761,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -2778,7 +2772,7 @@ Optional: - `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Defaults to 0644.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--config_map--items)) -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -2814,7 +2808,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -2904,7 +2898,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--ephemeral--volume_claim_template--spec--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--ephemeral--volume_claim_template--spec--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -2986,7 +2980,7 @@ Optional: Optional: -- `fs_type` (String) fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. +- `fs_type` (String) fsType is the filesystem type to mount.Must be a filesystem type supported by the host operating system.Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.TODO: how do we prevent errors in the filesystem from compromising the machine - `lun` (Number) lun is Optional: FC target lun number - `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will forcethe ReadOnly setting in VolumeMounts. - `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs) @@ -3012,7 +3006,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -3034,7 +3028,7 @@ Required: Optional: -- `fs_type` (String) fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +- `fs_type` (String) fsType is filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskTODO: how do we prevent errors in the filesystem from compromising the machine - `partition` (Number) partition is the partition in the volume that you want to mount.If omitted, the default is to mount by volume name.Examples: For volume /dev/sda1, you specify the partition as '1'.Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts.Defaults to false.More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -3077,15 +3071,6 @@ Optional: - `type` (String) type for HostPath VolumeDefaults to ''More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - -### Nested Schema for `spec.pod_sets.template.spec.volumes.image` - -Optional: - -- `pull_policy` (String) Policy for pulling OCI objects. Possible values are:Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -- `reference` (String) Required: Image or artifact reference to be used.Behaves in the same way as pod.spec.containers[*].image.Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.More info: https://kubernetes.io/docs/concepts/containers/imagesThis field is optional to allow higher level config management to default or overridecontainer images in workload controllers like Deployments and StatefulSets. - - ### Nested Schema for `spec.pod_sets.template.spec.volumes.iscsi` @@ -3099,7 +3084,7 @@ Optional: - `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication -- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsiTODO: how do we prevent errors in the filesystem from compromising the machine - `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name.If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface: will be created for the connection. - `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport.Defaults to 'default' (tcp). - `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the portis other than default (typically TCP ports 860 and 3260). @@ -3111,7 +3096,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -3171,7 +3156,7 @@ Optional: Optional: - `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.Directories within the path are not affected by this setting.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. -- `sources` (Attributes List) sources is the list of volume projections. Each entry in this listhandles one source. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--projected--sources)) +- `sources` (Attributes List) sources is the list of volume projections (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--projected--sources)) ### Nested Schema for `spec.pod_sets.template.spec.volumes.projected.sources` @@ -3227,7 +3212,7 @@ Optional: Optional: - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedConfigMap will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the ConfigMap,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--projected--sources--config_map--items)) -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined @@ -3297,7 +3282,7 @@ Optional: Optional: - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--pod_sets--template--spec--volumes--projected--sources--secret--items)) -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - `optional` (Boolean) optional field specify whether the Secret or its key must be defined @@ -3355,7 +3340,7 @@ Required: Optional: -- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount.Tip: Ensure that the filesystem type is supported by the host operating system.Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.More info: https://kubernetes.io/docs/concepts/storage/volumes#rbdTODO: how do we prevent errors in the filesystem from compromising the machine - `keyring` (String) keyring is the path to key ring for RBDUser.Default is /etc/ceph/keyring.More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - `pool` (String) pool is the rados pool name.Default is rbd.More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts.Defaults to false.More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -3367,7 +3352,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -3395,7 +3380,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -3439,7 +3424,7 @@ Optional: Optional: -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.TODO: Add other useful fields. apiVersion, kind, uid?More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. diff --git a/docs/data-sources/kyverno_io_cleanup_policy_v2_manifest.md b/docs/data-sources/kyverno_io_cleanup_policy_v2_manifest.md index ae3fcb8d9..e4ad7e3d6 100644 --- a/docs/data-sources/kyverno_io_cleanup_policy_v2_manifest.md +++ b/docs/data-sources/kyverno_io_cleanup_policy_v2_manifest.md @@ -20,6 +20,7 @@ data "k8s_kyverno_io_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } ``` @@ -55,7 +56,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) - `schedule` (String) The schedule in Cron format Optional: @@ -63,183 +63,7 @@ Optional: - `conditions` (Attributes) Conditions defines the conditions used to select the resources which will be cleaned up. (see [below for nested schema](#nestedatt--spec--conditions)) - `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--context)) - `exclude` (Attributes) ExcludeResources defines when cleanuppolicy should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--exclude)) - - -### Nested Schema for `spec.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) - - -### Nested Schema for `spec.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) - - -### Nested Schema for `spec.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) - - -### Nested Schema for `spec.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) - - -### Nested Schema for `spec.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) - - -### Nested Schema for `spec.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - +- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) ### Nested Schema for `spec.conditions` @@ -293,7 +117,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--context--api_call--service)) @@ -318,16 +142,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--context--api_call--service--headers)) - - -### Nested Schema for `spec.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -562,3 +376,180 @@ Optional: - `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. - `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + + +### Nested Schema for `spec.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) + + +### Nested Schema for `spec.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) + + +### Nested Schema for `spec.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) + + +### Nested Schema for `spec.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) + + +### Nested Schema for `spec.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) + + +### Nested Schema for `spec.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. diff --git a/docs/data-sources/kyverno_io_cleanup_policy_v2beta1_manifest.md b/docs/data-sources/kyverno_io_cleanup_policy_v2beta1_manifest.md index 3ad9744ad..18301fc6f 100644 --- a/docs/data-sources/kyverno_io_cleanup_policy_v2beta1_manifest.md +++ b/docs/data-sources/kyverno_io_cleanup_policy_v2beta1_manifest.md @@ -20,6 +20,7 @@ data "k8s_kyverno_io_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } ``` @@ -55,7 +56,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) - `schedule` (String) The schedule in Cron format Optional: @@ -63,183 +63,7 @@ Optional: - `conditions` (Attributes) Conditions defines the conditions used to select the resources which will be cleaned up. (see [below for nested schema](#nestedatt--spec--conditions)) - `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--context)) - `exclude` (Attributes) ExcludeResources defines when cleanuppolicy should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--exclude)) - - -### Nested Schema for `spec.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) - - -### Nested Schema for `spec.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) - - -### Nested Schema for `spec.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) - - -### Nested Schema for `spec.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) - - -### Nested Schema for `spec.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) - - -### Nested Schema for `spec.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - +- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) ### Nested Schema for `spec.conditions` @@ -293,7 +117,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--context--api_call--service)) @@ -318,16 +142,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--context--api_call--service--headers)) - - -### Nested Schema for `spec.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -562,3 +376,180 @@ Optional: - `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. - `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + + +### Nested Schema for `spec.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) + + +### Nested Schema for `spec.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) + + +### Nested Schema for `spec.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) + + +### Nested Schema for `spec.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) + + +### Nested Schema for `spec.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) + + +### Nested Schema for `spec.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. diff --git a/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2_manifest.md b/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2_manifest.md index 12ed2a894..78330d059 100644 --- a/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2_manifest.md +++ b/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2_manifest.md @@ -19,6 +19,7 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } ``` @@ -53,7 +54,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) - `schedule` (String) The schedule in Cron format Optional: @@ -61,183 +61,7 @@ Optional: - `conditions` (Attributes) Conditions defines the conditions used to select the resources which will be cleaned up. (see [below for nested schema](#nestedatt--spec--conditions)) - `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--context)) - `exclude` (Attributes) ExcludeResources defines when cleanuppolicy should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--exclude)) - - -### Nested Schema for `spec.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) - - -### Nested Schema for `spec.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) - - -### Nested Schema for `spec.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) - - -### Nested Schema for `spec.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) - - -### Nested Schema for `spec.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) - - -### Nested Schema for `spec.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - +- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) ### Nested Schema for `spec.conditions` @@ -291,7 +115,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--context--api_call--service)) @@ -316,16 +140,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--context--api_call--service--headers)) - - -### Nested Schema for `spec.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -560,3 +374,180 @@ Optional: - `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. - `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + + +### Nested Schema for `spec.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) + + +### Nested Schema for `spec.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) + + +### Nested Schema for `spec.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) + + +### Nested Schema for `spec.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) + + +### Nested Schema for `spec.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) + + +### Nested Schema for `spec.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. diff --git a/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.md b/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.md index 6e2d0f302..de5c8e059 100644 --- a/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.md +++ b/docs/data-sources/kyverno_io_cluster_cleanup_policy_v2beta1_manifest.md @@ -19,6 +19,7 @@ data "k8s_kyverno_io_cluster_cleanup_policy_v2beta1_manifest" "example" { } spec = { schedule = "some-schedule" + match = {} } } ``` @@ -53,7 +54,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) - `schedule` (String) The schedule in Cron format Optional: @@ -61,183 +61,7 @@ Optional: - `conditions` (Attributes) Conditions defines the conditions used to select the resources which will be cleaned up. (see [below for nested schema](#nestedatt--spec--conditions)) - `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--context)) - `exclude` (Attributes) ExcludeResources defines when cleanuppolicy should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--exclude)) - - -### Nested Schema for `spec.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) - - -### Nested Schema for `spec.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) - - -### Nested Schema for `spec.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) - - -### Nested Schema for `spec.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) - - -### Nested Schema for `spec.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) - - -### Nested Schema for `spec.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - +- `match` (Attributes) MatchResources defines when cleanuppolicy should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--match)) ### Nested Schema for `spec.conditions` @@ -291,7 +115,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--context--api_call--service)) @@ -316,16 +140,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--context--api_call--service--headers)) - - -### Nested Schema for `spec.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -560,3 +374,180 @@ Optional: - `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. - `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + + +### Nested Schema for `spec.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--match--any)) + + +### Nested Schema for `spec.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--all--subjects)) + + +### Nested Schema for `spec.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector)) + + +### Nested Schema for `spec.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--match--any--subjects)) + + +### Nested Schema for `spec.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector)) + + +### Nested Schema for `spec.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. diff --git a/docs/data-sources/kyverno_io_cluster_policy_v1_manifest.md b/docs/data-sources/kyverno_io_cluster_policy_v1_manifest.md index 255799d66..44f41d684 100644 --- a/docs/data-sources/kyverno_io_cluster_policy_v1_manifest.md +++ b/docs/data-sources/kyverno_io_cluster_policy_v1_manifest.md @@ -20,7 +20,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -47,7 +48,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "int_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -74,7 +76,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "bool_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -101,7 +104,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "array_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -128,7 +132,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "map_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -155,7 +160,8 @@ data "k8s_kyverno_io_cluster_policy_v1_manifest" "mixed_value" { spec = { rules = [ { - name = "some-rule" + name = "some-rule" + match = {} context = [ { name = "response" @@ -227,7 +233,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `name` (String) Name is a label to identify the rule, It must be unique within the policy. Optional: @@ -237,6 +242,7 @@ Optional: - `exclude` (Attributes) ExcludeResources defines when this policy rule should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--rules--exclude)) - `generate` (Attributes) Generation is used to create new resources. (see [below for nested schema](#nestedatt--spec--rules--generate)) - `image_extractors` (Map of String) ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.This config is only valid for verifyImages rules. +- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `mutate` (Attributes) Mutation is used to modify matching resources. (see [below for nested schema](#nestedatt--spec--rules--mutate)) - `preconditions` (Map of String) Preconditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements. A direct listof conditions (without 'any' or 'all' statements is supported for backwards compatibility butwill be deprecated in the next major release.See: https://kyverno.io/docs/writing-policies/preconditions/ - `report_properties` (Map of String) ReportProperties are the additional properties from the rule that will be added to the policy report result @@ -244,260 +250,6 @@ Optional: - `validate` (Attributes) Validation is used to validate matching resources. (see [below for nested schema](#nestedatt--spec--rules--validate)) - `verify_images` (Attributes List) VerifyImages is used to verify image signatures and mutate them to add a digest (see [below for nested schema](#nestedatt--spec--rules--verify_images)) - -### Nested Schema for `spec.rules.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified.Requires at least one tag to be specified when under MatchResources.Specifying ResourceDescription directly under match is being deprecated.Please specify under 'any' or 'all' instead. (see [below for nested schema](#nestedatt--spec--rules--match--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--subjects)) - - -### Nested Schema for `spec.rules.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - - -### Nested Schema for `spec.rules.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) - - -### Nested Schema for `spec.rules.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector)) - - -### Nested Schema for `spec.rules.match.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - ### Nested Schema for `spec.rules.cel_preconditions` @@ -528,7 +280,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service)) @@ -553,16 +305,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -901,29 +643,286 @@ Optional: Optional: -- `name` (String) Name specifies name of the resource. -- `namespace` (String) Namespace specifies source resource namespace. - +- `name` (String) Name specifies name of the resource. +- `namespace` (String) Namespace specifies source resource namespace. + + + +### Nested Schema for `spec.rules.generate.clone_list` + +Optional: + +- `kinds` (List of String) Kinds is a list of resource kinds. +- `namespace` (String) Namespace specifies source resource namespace. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector)) + + +### Nested Schema for `spec.rules.generate.clone_list.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.generate.clone_list.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.generate.foreach` + +Optional: + +- `api_version` (String) APIVersion specifies resource apiVersion. +- `clone` (Attributes) Clone specifies the source resource used to populate each generated resource.At most one of Data or Clone can be specified. If neither are provided, the generatedresource will be created with default data only. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone)) +- `clone_list` (Attributes) CloneList specifies the list of source resource used to populate each generated resource. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list)) +- `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context)) +- `data` (Map of String) Data provides the resource declaration used to populate each generated resource.At most one of Data or Clone must be specified. If neither are provided, the generatedresource will be created with default data only. +- `kind` (String) Kind specifies resource kind. +- `list` (String) List specifies a JMESPath expression that results in one or more elementsto which the validation logic is applied. +- `name` (String) Name specifies the resource name. +- `namespace` (String) Namespace specifies resource namespace. +- `preconditions` (Attributes) AnyAllConditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions)) +- `uid` (String) UID specifies the resource uid. + + +### Nested Schema for `spec.rules.generate.foreach.clone` + +Optional: + +- `name` (String) Name specifies name of the resource. +- `namespace` (String) Namespace specifies source resource namespace. + + + +### Nested Schema for `spec.rules.generate.foreach.clone_list` + +Optional: + +- `kinds` (List of String) Kinds is a list of resource kinds. +- `namespace` (String) Namespace specifies source resource namespace. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector)) + + +### Nested Schema for `spec.rules.generate.foreach.clone_list.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.generate.foreach.clone_list.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.generate.foreach.context` + +Required: + +- `name` (String) Name is the variable name. + +Optional: + +- `api_call` (Attributes) APICall is an HTTP request to the Kubernetes API server, or other JSON web service.The data returned is stored in the context with the name for the context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call)) +- `config_map` (Attributes) ConfigMap is the ConfigMap reference. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--config_map)) +- `global_reference` (Attributes) GlobalContextEntryReference is a reference to a cached global context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--global_reference)) +- `image_registry` (Attributes) ImageRegistry defines requests to an OCI/Docker V2 registry to fetch imagedetails. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry)) +- `variable` (Attributes) Variable defines an arbitrary JMESPath context variable that can be defined inline. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--variable)) + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call` + +Optional: + +- `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. +- `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. +- `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) +- `url_path` (String) URLPath is the URL path to be used in the HTTP GET or POST request to theKubernetes API server (e.g. '/api/v1/namespaces' or '/apis/apps/v1/deployments').The format required is the same format used by the 'kubectl get --raw' command.See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-callsfor details.It's mutually exclusive with the Service field. + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call.data` + +Required: + +- `key` (String) Key is a unique identifier for the data value +- `value` (Map of String) Value is the data value + + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call.service` + +Required: + +- `url` (String) URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'. + +Optional: + +- `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. + + + + +### Nested Schema for `spec.rules.generate.foreach.context.config_map` + +Required: + +- `name` (String) Name is the ConfigMap name. + +Optional: + +- `namespace` (String) Namespace is the ConfigMap namespace. + + + +### Nested Schema for `spec.rules.generate.foreach.context.global_reference` + +Required: + +- `name` (String) Name of the global context entry + +Optional: + +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. + + + +### Nested Schema for `spec.rules.generate.foreach.context.image_registry` + +Required: + +- `reference` (String) Reference is image reference to a container image in the registry.Example: ghcr.io/kyverno/kyverno:latest + +Optional: + +- `image_registry_credentials` (Attributes) ImageRegistryCredentials provides credentials that will be used for authentication with registry (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry--image_registry_credentials)) +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the ImageData struct returned as a result of processingthe image reference. + + +### Nested Schema for `spec.rules.generate.foreach.context.image_registry.image_registry_credentials` + +Optional: + +- `allow_insecure_registry` (Boolean) AllowInsecureRegistry allows insecure access to a registry. +- `providers` (List of String) Providers specifies a list of OCI Registry names, whose authentication providers are provided.It can be of one of these values: default,google,azure,amazon,github. +- `secrets` (List of String) Secrets specifies a list of secrets that are provided for credentials.Secrets must live in the Kyverno namespace. + + + + +### Nested Schema for `spec.rules.generate.foreach.context.variable` + +Optional: + +- `default` (Map of String) Default is an optional arbitrary JSON object that the variable may take if the JMESPathexpression evaluates to nil +- `jmes_path` (String) JMESPath is an optional JMESPath Expression that can be used totransform the variable. +- `value` (Map of String) Value is any arbitrary JSON object representable in YAML or JSON form. + + + + +### Nested Schema for `spec.rules.generate.foreach.preconditions` + +Optional: + +- `all` (Attributes List) AllConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, all of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--all)) +- `any` (Attributes List) AnyConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, at least one of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--any)) + + +### Nested Schema for `spec.rules.generate.foreach.preconditions.all` + +Optional: + +- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. +- `message` (String) Message is an optional display message +- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan +- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. + + + +### Nested Schema for `spec.rules.generate.foreach.preconditions.any` + +Optional: + +- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. +- `message` (String) Message is an optional display message +- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan +- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. + + + + + + +### Nested Schema for `spec.rules.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified.Requires at least one tag to be specified when under MatchResources.Specifying ResourceDescription directly under match is being deprecated.Please specify under 'any' or 'all' instead. (see [below for nested schema](#nestedatt--spec--rules--match--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--subjects)) + + +### Nested Schema for `spec.rules.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - -### Nested Schema for `spec.rules.generate.clone_list` + +### Nested Schema for `spec.rules.match.all.resources` Optional: +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). - `kinds` (List of String) Kinds is a list of resource kinds. -- `namespace` (String) Namespace specifies source resource namespace. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector)) +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - -### Nested Schema for `spec.rules.generate.clone_list.selector` + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.clone_list.selector.match_expressions` + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` Required: @@ -936,212 +935,199 @@ Optional: - - -### Nested Schema for `spec.rules.generate.foreach` + +### Nested Schema for `spec.rules.match.all.resources.selector` Optional: -- `api_version` (String) APIVersion specifies resource apiVersion. -- `clone` (Attributes) Clone specifies the source resource used to populate each generated resource.At most one of Data or Clone can be specified. If neither are provided, the generatedresource will be created with default data only. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone)) -- `clone_list` (Attributes) CloneList specifies the list of source resource used to populate each generated resource. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list)) -- `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context)) -- `data` (Map of String) Data provides the resource declaration used to populate each generated resource.At most one of Data or Clone must be specified. If neither are provided, the generatedresource will be created with default data only. -- `kind` (String) Kind specifies resource kind. -- `list` (String) List specifies a JMESPath expression that results in one or more elementsto which the validation logic is applied. -- `name` (String) Name specifies the resource name. -- `namespace` (String) Namespace specifies resource namespace. -- `preconditions` (Attributes) AnyAllConditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions)) -- `uid` (String) UID specifies the resource uid. - - -### Nested Schema for `spec.rules.generate.foreach.clone` - -Optional: +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. -- `name` (String) Name specifies name of the resource. -- `namespace` (String) Namespace specifies source resource namespace. + +### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` +Required: - -### Nested Schema for `spec.rules.generate.foreach.clone_list` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `kinds` (List of String) Kinds is a list of resource kinds. -- `namespace` (String) Namespace specifies source resource namespace. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector)) +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.clone_list.selector` -Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.clone_list.selector.match_expressions` + +### Nested Schema for `spec.rules.match.all.subjects` Required: -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + +### Nested Schema for `spec.rules.match.any` - -### Nested Schema for `spec.rules.generate.foreach.context` +Optional: -Required: +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) -- `name` (String) Name is the variable name. + +### Nested Schema for `spec.rules.match.any.resources` Optional: -- `api_call` (Attributes) APICall is an HTTP request to the Kubernetes API server, or other JSON web service.The data returned is stored in the context with the name for the context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call)) -- `config_map` (Attributes) ConfigMap is the ConfigMap reference. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--config_map)) -- `global_reference` (Attributes) GlobalContextEntryReference is a reference to a cached global context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--global_reference)) -- `image_registry` (Attributes) ImageRegistry defines requests to an OCI/Docker V2 registry to fetch imagedetails. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry)) -- `variable` (Attributes) Variable defines an arbitrary JMESPath context variable that can be defined inline. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--variable)) +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - -### Nested Schema for `spec.rules.generate.foreach.context.api_call` + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector` Optional: -- `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. -- `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. -- `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) -- `url_path` (String) URLPath is the URL path to be used in the HTTP GET or POST request to theKubernetes API server (e.g. '/api/v1/namespaces' or '/apis/apps/v1/deployments').The format required is the same format used by the 'kubectl get --raw' command.See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-callsfor details.It's mutually exclusive with the Service field. +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.data` + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` Required: -- `key` (String) Key is a unique identifier for the data value -- `value` (Map of String) Value is the data value +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +Optional: - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service` +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. -Required: -- `url` (String) URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'. + + +### Nested Schema for `spec.rules.match.any.resources.selector` Optional: -- `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service--headers)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service.headers` + +### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` Required: -- `key` (String) Key is the header key -- `value` (String) Value is the header value +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.context.config_map` + +### Nested Schema for `spec.rules.match.any.subjects` Required: -- `name` (String) Name is the ConfigMap name. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. Optional: -- `namespace` (String) Namespace is the ConfigMap namespace. - +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - -### Nested Schema for `spec.rules.generate.foreach.context.global_reference` -Required: -- `name` (String) Name of the global context entry + +### Nested Schema for `spec.rules.match.resources` Optional: -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector)) - -### Nested Schema for `spec.rules.generate.foreach.context.image_registry` + +### Nested Schema for `spec.rules.match.resources.namespace_selector` -Required: +Optional: -- `reference` (String) Reference is image reference to a container image in the registry.Example: ghcr.io/kyverno/kyverno:latest +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. -Optional: + +### Nested Schema for `spec.rules.match.resources.namespace_selector.match_expressions` -- `image_registry_credentials` (Attributes) ImageRegistryCredentials provides credentials that will be used for authentication with registry (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry--image_registry_credentials)) -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the ImageData struct returned as a result of processingthe image reference. +Required: - -### Nested Schema for `spec.rules.generate.foreach.context.image_registry.image_registry_credentials` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `allow_insecure_registry` (Boolean) AllowInsecureRegistry allows insecure access to a registry. -- `providers` (List of String) Providers specifies a list of OCI Registry names, whose authentication providers are provided.It can be of one of these values: default,google,azure,amazon,github. -- `secrets` (List of String) Secrets specifies a list of secrets that are provided for credentials.Secrets must live in the Kyverno namespace. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.context.variable` + +### Nested Schema for `spec.rules.match.resources.selector` Optional: -- `default` (Map of String) Default is an optional arbitrary JSON object that the variable may take if the JMESPathexpression evaluates to nil -- `jmes_path` (String) JMESPath is an optional JMESPath Expression that can be used totransform the variable. -- `value` (Map of String) Value is any arbitrary JSON object representable in YAML or JSON form. +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + +### Nested Schema for `spec.rules.match.resources.selector.match_expressions` +Required: - -### Nested Schema for `spec.rules.generate.foreach.preconditions` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `all` (Attributes List) AllConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, all of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--all)) -- `any` (Attributes List) AnyConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, at least one of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--any)) - - -### Nested Schema for `spec.rules.generate.foreach.preconditions.all` +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. -Optional: -- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. -- `message` (String) Message is an optional display message -- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan -- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. - -### Nested Schema for `spec.rules.generate.foreach.preconditions.any` + +### Nested Schema for `spec.rules.match.subjects` -Optional: +Required: -- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. -- `message` (String) Message is an optional display message -- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan -- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. +Optional: +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. @@ -1190,7 +1176,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service)) @@ -1215,16 +1201,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1352,7 +1328,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service)) @@ -1377,16 +1353,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.targets.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1629,7 +1595,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service)) @@ -1654,16 +1620,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.validate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - diff --git a/docs/data-sources/kyverno_io_cluster_policy_v2beta1_manifest.md b/docs/data-sources/kyverno_io_cluster_policy_v2beta1_manifest.md index da5bff693..a28c17a17 100644 --- a/docs/data-sources/kyverno_io_cluster_policy_v2beta1_manifest.md +++ b/docs/data-sources/kyverno_io_cluster_policy_v2beta1_manifest.md @@ -71,7 +71,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `name` (String) Name is a label to identify the rule, It must be unique within the policy. Optional: @@ -81,189 +80,13 @@ Optional: - `exclude` (Attributes) ExcludeResources defines when this policy rule should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--rules--exclude)) - `generate` (Attributes) Generation is used to create new resources. (see [below for nested schema](#nestedatt--spec--rules--generate)) - `image_extractors` (Map of String) ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.This config is only valid for verifyImages rules. +- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `mutate` (Attributes) Mutation is used to modify matching resources. (see [below for nested schema](#nestedatt--spec--rules--mutate)) - `preconditions` (Attributes) Preconditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--preconditions)) - `skip_background_requests` (Boolean) SkipBackgroundRequests bypasses admission requests that are sent by the background controller.The default value is set to 'true', it must be set to 'false' to applygenerate and mutateExisting rules to those requests. - `validate` (Attributes) Validation is used to validate matching resources. (see [below for nested schema](#nestedatt--spec--rules--validate)) - `verify_images` (Attributes List) VerifyImages is used to verify image signatures and mutate them to add a digest (see [below for nested schema](#nestedatt--spec--rules--verify_images)) - -### Nested Schema for `spec.rules.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) - - -### Nested Schema for `spec.rules.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - - -### Nested Schema for `spec.rules.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) - - -### Nested Schema for `spec.rules.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - ### Nested Schema for `spec.rules.cel_preconditions` @@ -294,7 +117,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service)) @@ -319,16 +142,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -705,7 +518,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) @@ -730,16 +543,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -834,6 +637,183 @@ Optional: + +### Nested Schema for `spec.rules.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) + + +### Nested Schema for `spec.rules.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) + + +### Nested Schema for `spec.rules.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) + + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.rules.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.rules.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) + + +### Nested Schema for `spec.rules.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) + + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.rules.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + ### Nested Schema for `spec.rules.mutate` @@ -879,7 +859,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service)) @@ -904,16 +884,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1041,7 +1011,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service)) @@ -1066,16 +1036,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.targets.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1379,7 +1339,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service)) @@ -1404,16 +1364,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.validate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - diff --git a/docs/data-sources/kyverno_io_global_context_entry_v2alpha1_manifest.md b/docs/data-sources/kyverno_io_global_context_entry_v2alpha1_manifest.md index 22173823b..4620682dd 100644 --- a/docs/data-sources/kyverno_io_global_context_entry_v2alpha1_manifest.md +++ b/docs/data-sources/kyverno_io_global_context_entry_v2alpha1_manifest.md @@ -85,16 +85,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--api_call--service--headers)) - - -### Nested Schema for `spec.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - diff --git a/docs/data-sources/kyverno_io_policy_v1_manifest.md b/docs/data-sources/kyverno_io_policy_v1_manifest.md index 16a12b6b6..32e6e5974 100644 --- a/docs/data-sources/kyverno_io_policy_v1_manifest.md +++ b/docs/data-sources/kyverno_io_policy_v1_manifest.md @@ -74,7 +74,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `name` (String) Name is a label to identify the rule, It must be unique within the policy. Optional: @@ -84,6 +83,7 @@ Optional: - `exclude` (Attributes) ExcludeResources defines when this policy rule should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--rules--exclude)) - `generate` (Attributes) Generation is used to create new resources. (see [below for nested schema](#nestedatt--spec--rules--generate)) - `image_extractors` (Map of String) ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.This config is only valid for verifyImages rules. +- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `mutate` (Attributes) Mutation is used to modify matching resources. (see [below for nested schema](#nestedatt--spec--rules--mutate)) - `preconditions` (Map of String) Preconditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements. A direct listof conditions (without 'any' or 'all' statements is supported for backwards compatibility butwill be deprecated in the next major release.See: https://kyverno.io/docs/writing-policies/preconditions/ - `report_properties` (Map of String) ReportProperties are the additional properties from the rule that will be added to the policy report result @@ -91,260 +91,6 @@ Optional: - `validate` (Attributes) Validation is used to validate matching resources. (see [below for nested schema](#nestedatt--spec--rules--validate)) - `verify_images` (Attributes List) VerifyImages is used to verify image signatures and mutate them to add a digest (see [below for nested schema](#nestedatt--spec--rules--verify_images)) - -### Nested Schema for `spec.rules.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified.Requires at least one tag to be specified when under MatchResources.Specifying ResourceDescription directly under match is being deprecated.Please specify under 'any' or 'all' instead. (see [below for nested schema](#nestedatt--spec--rules--match--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--subjects)) - - -### Nested Schema for `spec.rules.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - - -### Nested Schema for `spec.rules.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) - - -### Nested Schema for `spec.rules.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector)) - - -### Nested Schema for `spec.rules.match.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - ### Nested Schema for `spec.rules.cel_preconditions` @@ -375,7 +121,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service)) @@ -400,16 +146,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -748,29 +484,286 @@ Optional: Optional: -- `name` (String) Name specifies name of the resource. -- `namespace` (String) Namespace specifies source resource namespace. - +- `name` (String) Name specifies name of the resource. +- `namespace` (String) Namespace specifies source resource namespace. + + + +### Nested Schema for `spec.rules.generate.clone_list` + +Optional: + +- `kinds` (List of String) Kinds is a list of resource kinds. +- `namespace` (String) Namespace specifies source resource namespace. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector)) + + +### Nested Schema for `spec.rules.generate.clone_list.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.generate.clone_list.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.generate.foreach` + +Optional: + +- `api_version` (String) APIVersion specifies resource apiVersion. +- `clone` (Attributes) Clone specifies the source resource used to populate each generated resource.At most one of Data or Clone can be specified. If neither are provided, the generatedresource will be created with default data only. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone)) +- `clone_list` (Attributes) CloneList specifies the list of source resource used to populate each generated resource. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list)) +- `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context)) +- `data` (Map of String) Data provides the resource declaration used to populate each generated resource.At most one of Data or Clone must be specified. If neither are provided, the generatedresource will be created with default data only. +- `kind` (String) Kind specifies resource kind. +- `list` (String) List specifies a JMESPath expression that results in one or more elementsto which the validation logic is applied. +- `name` (String) Name specifies the resource name. +- `namespace` (String) Namespace specifies resource namespace. +- `preconditions` (Attributes) AnyAllConditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions)) +- `uid` (String) UID specifies the resource uid. + + +### Nested Schema for `spec.rules.generate.foreach.clone` + +Optional: + +- `name` (String) Name specifies name of the resource. +- `namespace` (String) Namespace specifies source resource namespace. + + + +### Nested Schema for `spec.rules.generate.foreach.clone_list` + +Optional: + +- `kinds` (List of String) Kinds is a list of resource kinds. +- `namespace` (String) Namespace specifies source resource namespace. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector)) + + +### Nested Schema for `spec.rules.generate.foreach.clone_list.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.generate.foreach.clone_list.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.generate.foreach.context` + +Required: + +- `name` (String) Name is the variable name. + +Optional: + +- `api_call` (Attributes) APICall is an HTTP request to the Kubernetes API server, or other JSON web service.The data returned is stored in the context with the name for the context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call)) +- `config_map` (Attributes) ConfigMap is the ConfigMap reference. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--config_map)) +- `global_reference` (Attributes) GlobalContextEntryReference is a reference to a cached global context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--global_reference)) +- `image_registry` (Attributes) ImageRegistry defines requests to an OCI/Docker V2 registry to fetch imagedetails. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry)) +- `variable` (Attributes) Variable defines an arbitrary JMESPath context variable that can be defined inline. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--variable)) + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call` + +Optional: + +- `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. +- `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. +- `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) +- `url_path` (String) URLPath is the URL path to be used in the HTTP GET or POST request to theKubernetes API server (e.g. '/api/v1/namespaces' or '/apis/apps/v1/deployments').The format required is the same format used by the 'kubectl get --raw' command.See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-callsfor details.It's mutually exclusive with the Service field. + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call.data` + +Required: + +- `key` (String) Key is a unique identifier for the data value +- `value` (Map of String) Value is the data value + + + +### Nested Schema for `spec.rules.generate.foreach.context.api_call.service` + +Required: + +- `url` (String) URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'. + +Optional: + +- `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. + + + + +### Nested Schema for `spec.rules.generate.foreach.context.config_map` + +Required: + +- `name` (String) Name is the ConfigMap name. + +Optional: + +- `namespace` (String) Namespace is the ConfigMap namespace. + + + +### Nested Schema for `spec.rules.generate.foreach.context.global_reference` + +Required: + +- `name` (String) Name of the global context entry + +Optional: + +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. + + + +### Nested Schema for `spec.rules.generate.foreach.context.image_registry` + +Required: + +- `reference` (String) Reference is image reference to a container image in the registry.Example: ghcr.io/kyverno/kyverno:latest + +Optional: + +- `image_registry_credentials` (Attributes) ImageRegistryCredentials provides credentials that will be used for authentication with registry (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry--image_registry_credentials)) +- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the ImageData struct returned as a result of processingthe image reference. + + +### Nested Schema for `spec.rules.generate.foreach.context.image_registry.image_registry_credentials` + +Optional: + +- `allow_insecure_registry` (Boolean) AllowInsecureRegistry allows insecure access to a registry. +- `providers` (List of String) Providers specifies a list of OCI Registry names, whose authentication providers are provided.It can be of one of these values: default,google,azure,amazon,github. +- `secrets` (List of String) Secrets specifies a list of secrets that are provided for credentials.Secrets must live in the Kyverno namespace. + + + + +### Nested Schema for `spec.rules.generate.foreach.context.variable` + +Optional: + +- `default` (Map of String) Default is an optional arbitrary JSON object that the variable may take if the JMESPathexpression evaluates to nil +- `jmes_path` (String) JMESPath is an optional JMESPath Expression that can be used totransform the variable. +- `value` (Map of String) Value is any arbitrary JSON object representable in YAML or JSON form. + + + + +### Nested Schema for `spec.rules.generate.foreach.preconditions` + +Optional: + +- `all` (Attributes List) AllConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, all of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--all)) +- `any` (Attributes List) AnyConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, at least one of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--any)) + + +### Nested Schema for `spec.rules.generate.foreach.preconditions.all` + +Optional: + +- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. +- `message` (String) Message is an optional display message +- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan +- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. + + + +### Nested Schema for `spec.rules.generate.foreach.preconditions.any` + +Optional: + +- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. +- `message` (String) Message is an optional display message +- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan +- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. + + + + + + +### Nested Schema for `spec.rules.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified.Requires at least one tag to be specified when under MatchResources.Specifying ResourceDescription directly under match is being deprecated.Please specify under 'any' or 'all' instead. (see [below for nested schema](#nestedatt--spec--rules--match--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--subjects)) + + +### Nested Schema for `spec.rules.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - -### Nested Schema for `spec.rules.generate.clone_list` + +### Nested Schema for `spec.rules.match.all.resources` Optional: +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). - `kinds` (List of String) Kinds is a list of resource kinds. -- `namespace` (String) Namespace specifies source resource namespace. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector)) +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - -### Nested Schema for `spec.rules.generate.clone_list.selector` + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--clone_list--selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.clone_list.selector.match_expressions` + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` Required: @@ -783,212 +776,199 @@ Optional: - - -### Nested Schema for `spec.rules.generate.foreach` + +### Nested Schema for `spec.rules.match.all.resources.selector` Optional: -- `api_version` (String) APIVersion specifies resource apiVersion. -- `clone` (Attributes) Clone specifies the source resource used to populate each generated resource.At most one of Data or Clone can be specified. If neither are provided, the generatedresource will be created with default data only. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone)) -- `clone_list` (Attributes) CloneList specifies the list of source resource used to populate each generated resource. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list)) -- `context` (Attributes List) Context defines variables and data sources that can be used during rule execution. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context)) -- `data` (Map of String) Data provides the resource declaration used to populate each generated resource.At most one of Data or Clone must be specified. If neither are provided, the generatedresource will be created with default data only. -- `kind` (String) Kind specifies resource kind. -- `list` (String) List specifies a JMESPath expression that results in one or more elementsto which the validation logic is applied. -- `name` (String) Name specifies the resource name. -- `namespace` (String) Namespace specifies resource namespace. -- `preconditions` (Attributes) AnyAllConditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions)) -- `uid` (String) UID specifies the resource uid. - - -### Nested Schema for `spec.rules.generate.foreach.clone` - -Optional: +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. -- `name` (String) Name specifies name of the resource. -- `namespace` (String) Namespace specifies source resource namespace. + +### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` +Required: - -### Nested Schema for `spec.rules.generate.foreach.clone_list` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `kinds` (List of String) Kinds is a list of resource kinds. -- `namespace` (String) Namespace specifies source resource namespace. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels'.wildcard characters are not supported. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector)) +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.clone_list.selector` -Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--clone_list--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.clone_list.selector.match_expressions` + +### Nested Schema for `spec.rules.match.all.subjects` Required: -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + +### Nested Schema for `spec.rules.match.any` - -### Nested Schema for `spec.rules.generate.foreach.context` +Optional: -Required: +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) -- `name` (String) Name is the variable name. + +### Nested Schema for `spec.rules.match.any.resources` Optional: -- `api_call` (Attributes) APICall is an HTTP request to the Kubernetes API server, or other JSON web service.The data returned is stored in the context with the name for the context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call)) -- `config_map` (Attributes) ConfigMap is the ConfigMap reference. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--config_map)) -- `global_reference` (Attributes) GlobalContextEntryReference is a reference to a cached global context entry. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--global_reference)) -- `image_registry` (Attributes) ImageRegistry defines requests to an OCI/Docker V2 registry to fetch imagedetails. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry)) -- `variable` (Attributes) Variable defines an arbitrary JMESPath context variable that can be defined inline. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--variable)) +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - -### Nested Schema for `spec.rules.generate.foreach.context.api_call` + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector` Optional: -- `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. -- `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. -- `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) -- `url_path` (String) URLPath is the URL path to be used in the HTTP GET or POST request to theKubernetes API server (e.g. '/api/v1/namespaces' or '/apis/apps/v1/deployments').The format required is the same format used by the 'kubectl get --raw' command.See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-callsfor details.It's mutually exclusive with the Service field. +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.data` + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` Required: -- `key` (String) Key is a unique identifier for the data value -- `value` (Map of String) Value is the data value +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +Optional: - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service` +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. -Required: -- `url` (String) URL is the JSON web service URL. A typical form is'https://{service}.{namespace}:{port}/{path}'. + + +### Nested Schema for `spec.rules.match.any.resources.selector` Optional: -- `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service--headers)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service.headers` + +### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` Required: -- `key` (String) Key is the header key -- `value` (String) Value is the header value +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.context.config_map` + +### Nested Schema for `spec.rules.match.any.subjects` Required: -- `name` (String) Name is the ConfigMap name. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. Optional: -- `namespace` (String) Namespace is the ConfigMap namespace. - +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - -### Nested Schema for `spec.rules.generate.foreach.context.global_reference` -Required: -- `name` (String) Name of the global context entry + +### Nested Schema for `spec.rules.match.resources` Optional: -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector)) - -### Nested Schema for `spec.rules.generate.foreach.context.image_registry` + +### Nested Schema for `spec.rules.match.resources.namespace_selector` -Required: +Optional: -- `reference` (String) Reference is image reference to a container image in the registry.Example: ghcr.io/kyverno/kyverno:latest +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. -Optional: + +### Nested Schema for `spec.rules.match.resources.namespace_selector.match_expressions` -- `image_registry_credentials` (Attributes) ImageRegistryCredentials provides credentials that will be used for authentication with registry (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--image_registry--image_registry_credentials)) -- `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the ImageData struct returned as a result of processingthe image reference. +Required: - -### Nested Schema for `spec.rules.generate.foreach.context.image_registry.image_registry_credentials` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `allow_insecure_registry` (Boolean) AllowInsecureRegistry allows insecure access to a registry. -- `providers` (List of String) Providers specifies a list of OCI Registry names, whose authentication providers are provided.It can be of one of these values: default,google,azure,amazon,github. -- `secrets` (List of String) Secrets specifies a list of secrets that are provided for credentials.Secrets must live in the Kyverno namespace. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - -### Nested Schema for `spec.rules.generate.foreach.context.variable` + +### Nested Schema for `spec.rules.match.resources.selector` Optional: -- `default` (Map of String) Default is an optional arbitrary JSON object that the variable may take if the JMESPathexpression evaluates to nil -- `jmes_path` (String) JMESPath is an optional JMESPath Expression that can be used totransform the variable. -- `value` (Map of String) Value is any arbitrary JSON object representable in YAML or JSON form. +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + +### Nested Schema for `spec.rules.match.resources.selector.match_expressions` +Required: - -### Nested Schema for `spec.rules.generate.foreach.preconditions` +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `all` (Attributes List) AllConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, all of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--all)) -- `any` (Attributes List) AnyConditions enable variable-based conditional rule execution. This is useful forfiner control of when an rule is applied. A condition can reference object datausing JMESPath notation.Here, at least one of the conditions need to pass (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--preconditions--any)) - - -### Nested Schema for `spec.rules.generate.foreach.preconditions.all` +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. -Optional: -- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. -- `message` (String) Message is an optional display message -- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan -- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. - -### Nested Schema for `spec.rules.generate.foreach.preconditions.any` + +### Nested Schema for `spec.rules.match.subjects` -Optional: +Required: -- `key` (Map of String) Key is the context entry (using JMESPath) for conditional rule evaluation. -- `message` (String) Message is an optional display message -- `operator` (String) Operator is the conditional operation to perform. Valid operators are:Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,DurationLessThanOrEquals, DurationLessThan -- `value` (Map of String) Value is the conditional value, or set of values. The values can be fixed setor can be variables declared using JMESPath. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. +Optional: +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. @@ -1037,7 +1017,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service)) @@ -1062,16 +1042,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1199,7 +1169,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service)) @@ -1224,16 +1194,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.targets.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1476,7 +1436,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service)) @@ -1501,16 +1461,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.validate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - diff --git a/docs/data-sources/kyverno_io_policy_v2beta1_manifest.md b/docs/data-sources/kyverno_io_policy_v2beta1_manifest.md index 8fde30516..9656046fc 100644 --- a/docs/data-sources/kyverno_io_policy_v2beta1_manifest.md +++ b/docs/data-sources/kyverno_io_policy_v2beta1_manifest.md @@ -73,7 +73,6 @@ Optional: Required: -- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `name` (String) Name is a label to identify the rule, It must be unique within the policy. Optional: @@ -83,189 +82,13 @@ Optional: - `exclude` (Attributes) ExcludeResources defines when this policy rule should not be applied. The excludecriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the name or role. (see [below for nested schema](#nestedatt--spec--rules--exclude)) - `generate` (Attributes) Generation is used to create new resources. (see [below for nested schema](#nestedatt--spec--rules--generate)) - `image_extractors` (Map of String) ImageExtractors defines a mapping from kinds to ImageExtractorConfigs.This config is only valid for verifyImages rules. +- `match` (Attributes) MatchResources defines when this policy rule should be applied. The matchcriteria can include resource information (e.g. kind, name, namespace, labels)and admission review request information like the user name or role.At least one kind is required. (see [below for nested schema](#nestedatt--spec--rules--match)) - `mutate` (Attributes) Mutation is used to modify matching resources. (see [below for nested schema](#nestedatt--spec--rules--mutate)) - `preconditions` (Attributes) Preconditions are used to determine if a policy rule should be applied by evaluating aset of conditions. The declaration can contain nested 'any' or 'all' statements.See: https://kyverno.io/docs/writing-policies/preconditions/ (see [below for nested schema](#nestedatt--spec--rules--preconditions)) - `skip_background_requests` (Boolean) SkipBackgroundRequests bypasses admission requests that are sent by the background controller.The default value is set to 'true', it must be set to 'false' to applygenerate and mutateExisting rules to those requests. - `validate` (Attributes) Validation is used to validate matching resources. (see [below for nested schema](#nestedatt--spec--rules--validate)) - `verify_images` (Attributes List) VerifyImages is used to verify image signatures and mutate them to add a digest (see [below for nested schema](#nestedatt--spec--rules--verify_images)) - -### Nested Schema for `spec.rules.match` - -Optional: - -- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) -- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) - - -### Nested Schema for `spec.rules.match.all` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) - - -### Nested Schema for `spec.rules.match.all.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.all.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.all.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - -### Nested Schema for `spec.rules.match.any` - -Optional: - -- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. -- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) -- `roles` (List of String) Roles is the list of namespaced role names for the user. -- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) - - -### Nested Schema for `spec.rules.match.any.resources` - -Optional: - -- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). -- `kinds` (List of String) Kinds is a list of resource kinds. -- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. -- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) -- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). -- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. -- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - -### Nested Schema for `spec.rules.match.any.resources.selector` - -Optional: - -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - - -### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` - -Required: - -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. - -Optional: - -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. - - - - - -### Nested Schema for `spec.rules.match.any.subjects` - -Required: - -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. -- `name` (String) Name of the object being referenced. - -Optional: - -- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. - - - - ### Nested Schema for `spec.rules.cel_preconditions` @@ -296,7 +119,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service)) @@ -321,16 +144,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -707,7 +520,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service)) @@ -732,16 +545,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--generate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.generate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -836,6 +639,183 @@ Optional: + +### Nested Schema for `spec.rules.match` + +Optional: + +- `all` (Attributes List) All allows specifying resources which will be ANDed (see [below for nested schema](#nestedatt--spec--rules--match--all)) +- `any` (Attributes List) Any allows specifying resources which will be ORed (see [below for nested schema](#nestedatt--spec--rules--match--any)) + + +### Nested Schema for `spec.rules.match.all` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--all--subjects)) + + +### Nested Schema for `spec.rules.match.all.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector)) + + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.all.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.rules.match.all.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--all--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.all.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.match.all.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + +### Nested Schema for `spec.rules.match.any` + +Optional: + +- `cluster_roles` (List of String) ClusterRoles is the list of cluster-wide role names for the user. +- `resources` (Attributes) ResourceDescription contains information about the resource being created or modified. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources)) +- `roles` (List of String) Roles is the list of namespaced role names for the user. +- `subjects` (Attributes List) Subjects is the list of subject names like users, user groups, and service accounts. (see [below for nested schema](#nestedatt--spec--rules--match--any--subjects)) + + +### Nested Schema for `spec.rules.match.any.resources` + +Optional: + +- `annotations` (Map of String) Annotations is a map of annotations (key-value pairs of type string). Annotation keysand values support the wildcard characters '*' (matches zero or many characters) and'?' (matches at least one character). +- `kinds` (List of String) Kinds is a list of resource kinds. +- `name` (String) Name is the name of the resource. The name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character).NOTE: 'Name' is being deprecated in favor of 'Names'. +- `names` (List of String) Names are the names of the resources. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `namespace_selector` (Attributes) NamespaceSelector is a label selector for the resource namespace. Label keys and valuesin 'matchLabels' support the wildcard characters '*' (matches zero or many characters)and '?' (matches one character).Wildcards allows writing label selectors like['storage.k8s.io/*': '*']. Note that using ['*' : '*'] matches any key and value butdoes not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector)) +- `namespaces` (List of String) Namespaces is a list of namespaces names. Each name supports wildcard characters'*' (matches zero or many characters) and '?' (at least one character). +- `operations` (List of String) Operations can contain values ['CREATE, 'UPDATE', 'CONNECT', 'DELETE'], which are used to match a specific action. +- `selector` (Attributes) Selector is a label selector. Label keys and values in 'matchLabels' support the wildcardcharacters '*' (matches zero or many characters) and '?' (matches one character).Wildcards allows writing label selectors like ['storage.k8s.io/*': '*']. Note thatusing ['*' : '*'] matches any key and value but does not match an empty label set. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector)) + + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--namespace_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.any.resources.namespace_selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + +### Nested Schema for `spec.rules.match.any.resources.selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--rules--match--any--resources--selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.rules.match.any.resources.selector.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + + +### Nested Schema for `spec.rules.match.any.subjects` + +Required: + +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `name` (String) Name of the object being referenced. + +Optional: + +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. + + + + ### Nested Schema for `spec.rules.mutate` @@ -881,7 +861,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service)) @@ -906,16 +886,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1043,7 +1013,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service)) @@ -1068,16 +1038,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--mutate--targets--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.mutate.targets.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - @@ -1381,7 +1341,7 @@ Optional: Optional: - `data` (Attributes List) The data object specifies the POST data sent to the server.Only applicable when the method field is set to POST. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--data)) -- `default` (Map of String) Default is an optional arbitrary JSON object that the contextvalue is set to, if the apiCall returns error. +- `default` (Map of String) Default is an optional arbitrary JSON object that the context may take if the apiCallreturns error - `jmes_path` (String) JMESPath is an optional JSON Match Expression that can be used totransform the JSON response returned from the server. For examplea JMESPath of 'items | length(@)' applied to the API server responsefor the URLPath '/apis/apps/v1/deployments' will return the total countof deployments across all namespaces. - `method` (String) Method is the HTTP request type (GET or POST). Defaults to GET. - `service` (Attributes) Service is an API call to a JSON web service.This is used for non-Kubernetes API server calls.It's mutually exclusive with the URLPath field. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service)) @@ -1406,16 +1366,6 @@ Required: Optional: - `ca_bundle` (String) CABundle is a PEM encoded CA bundle which will be used to validatethe server certificate. -- `headers` (Attributes List) Headers is a list of optional HTTP headers to be included in the request. (see [below for nested schema](#nestedatt--spec--rules--validate--foreach--context--api_call--service--headers)) - - -### Nested Schema for `spec.rules.validate.foreach.context.api_call.service.headers` - -Required: - -- `key` (String) Key is the header key -- `value` (String) Value is the header value - diff --git a/docs/data-sources/lambda_services_k8s_aws_alias_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_alias_v1alpha1_manifest.md index 296d23cb7..b9238bcd9 100644 --- a/docs/data-sources/lambda_services_k8s_aws_alias_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_alias_v1alpha1_manifest.md @@ -117,7 +117,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) diff --git a/docs/data-sources/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.md index d7458ff01..4c86a3330 100644 --- a/docs/data-sources/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest.md @@ -127,7 +127,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -160,7 +159,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -177,7 +175,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) diff --git a/docs/data-sources/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.md index 0495ddc5a..ed856cef8 100644 --- a/docs/data-sources/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_function_url_config_v1alpha1_manifest.md @@ -90,4 +90,3 @@ Optional: Optional: - `name` (String) -- `namespace` (String) diff --git a/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md index c21a44e28..ede37da92 100644 --- a/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md @@ -112,7 +112,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -210,7 +209,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -227,7 +225,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -270,7 +267,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) @@ -287,4 +283,3 @@ Optional: Optional: - `name` (String) -- `namespace` (String) diff --git a/docs/data-sources/lambda_services_k8s_aws_version_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_version_v1alpha1_manifest.md index 073bec7bd..1080a255b 100644 --- a/docs/data-sources/lambda_services_k8s_aws_version_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_version_v1alpha1_manifest.md @@ -113,7 +113,6 @@ Optional: Optional: - `name` (String) -- `namespace` (String) diff --git a/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md b/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md index 1282acf02..da7cb03b3 100644 --- a/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md +++ b/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md @@ -153,7 +153,6 @@ Optional: Optional: - `ingestion` (Attributes) IngestionLimits defines the limits applied on ingested log streams. (see [below for nested schema](#nestedatt--spec--limits--global--ingestion)) -- `otlp` (Attributes) OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor all tenants. (see [below for nested schema](#nestedatt--spec--limits--global--otlp)) - `queries` (Attributes) QueryLimits defines the limit applied on querying log streams. (see [below for nested schema](#nestedatt--spec--limits--global--queries)) - `retention` (Attributes) Retention defines how long logs are kept in storage. (see [below for nested schema](#nestedatt--spec--limits--global--retention)) @@ -174,62 +173,6 @@ Optional: - `per_stream_rate_limit_burst` (Number) PerStreamRateLimitBurst defines the maximum burst bytes per stream. Units MB. - -### Nested Schema for `spec.limits.global.otlp` - -Optional: - -- `indexed_resource_attributes` (List of String) IndexedResourceAttributes contains the global configuration for resource attributesto store them as index labels or structured metadata or drop them altogether. -- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--log_attributes)) -- `resource_attributes` (Attributes) ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--resource_attributes)) -- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--scope_attributes)) - - -### Nested Schema for `spec.limits.global.otlp.log_attributes` - -Required: - -- `action` (String) Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether. - -Optional: - -- `attributes` (List of String) Attributes allows choosing the attributes by listing their names. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - -### Nested Schema for `spec.limits.global.otlp.resource_attributes` - -Optional: - -- `attributes` (Attributes List) Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--resource_attributes--attributes)) -- `ignore_defaults` (Boolean) IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label. - - -### Nested Schema for `spec.limits.global.otlp.resource_attributes.attributes` - -Optional: - -- `action` (String) Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether. -- `attributes` (List of String) Attributes is the list of attributes to configure indexing or drop themaltogether. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - - -### Nested Schema for `spec.limits.global.otlp.scope_attributes` - -Required: - -- `action` (String) Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether. - -Optional: - -- `attributes` (List of String) Attributes allows choosing the attributes by listing their names. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - ### Nested Schema for `spec.limits.global.queries` @@ -275,7 +218,6 @@ Optional: Optional: - `ingestion` (Attributes) IngestionLimits defines the limits applied on ingested log streams. (see [below for nested schema](#nestedatt--spec--limits--tenants--ingestion)) -- `otlp` (Attributes) OTLP to configure which resource, scope and log attributesto store as labels or structured metadata or drop them altogetherfor a single tenants. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp)) - `queries` (Attributes) QueryLimits defines the limit applied on querying log streams. (see [below for nested schema](#nestedatt--spec--limits--tenants--queries)) - `retention` (Attributes) Retention defines how long logs are kept in storage. (see [below for nested schema](#nestedatt--spec--limits--tenants--retention)) @@ -296,61 +238,6 @@ Optional: - `per_stream_rate_limit_burst` (Number) PerStreamRateLimitBurst defines the maximum burst bytes per stream. Units MB. - -### Nested Schema for `spec.limits.tenants.otlp` - -Optional: - -- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--log_attributes)) -- `resource_attributes` (Attributes) ResourceAttributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--resource_attributes)) -- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--scope_attributes)) - - -### Nested Schema for `spec.limits.tenants.otlp.log_attributes` - -Required: - -- `action` (String) Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether. - -Optional: - -- `attributes` (List of String) Attributes allows choosing the attributes by listing their names. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - -### Nested Schema for `spec.limits.tenants.otlp.resource_attributes` - -Optional: - -- `attributes` (Attributes List) Attributes contains the configuration for resource attributesto store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--resource_attributes--attributes)) -- `ignore_defaults` (Boolean) IgnoreDefaults controls whether to ignore the global configuration for resource attributesindexed as labels.If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label. - - -### Nested Schema for `spec.limits.tenants.otlp.resource_attributes.attributes` - -Optional: - -- `action` (String) Action defines the indexing action for the selected resoure attributes. Theycan be either indexed as labels, added to structured metadata or drop altogether. -- `attributes` (List of String) Attributes is the list of attributes to configure indexing or drop themaltogether. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - - -### Nested Schema for `spec.limits.tenants.otlp.scope_attributes` - -Required: - -- `action` (String) Action defines the indexing action for the selected attributes. Theycan be either added to structured metadata or drop altogether. - -Optional: - -- `attributes` (List of String) Attributes allows choosing the attributes by listing their names. -- `regex` (String) Regex allows choosing the attributes by matching a regular expression. - - - ### Nested Schema for `spec.limits.tenants.queries` diff --git a/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.md b/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.md index a8c7e00c9..023e68c37 100644 --- a/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.md @@ -197,11 +197,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--tls_config)) @@ -286,9 +283,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--tls_config)) @@ -728,11 +725,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--tls_config)) @@ -817,9 +811,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--tls_config)) @@ -1121,11 +1115,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--tls_config)) @@ -1210,9 +1201,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--oauth2--tls_config)) @@ -1516,11 +1507,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--tls_config)) @@ -1605,9 +1593,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--oauth2--tls_config)) @@ -1934,11 +1922,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--tls_config)) @@ -2023,9 +2008,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--oauth2--tls_config)) @@ -2395,11 +2380,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--tls_config)) @@ -2484,9 +2466,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--oauth2--tls_config)) @@ -2761,11 +2743,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--tls_config)) @@ -2850,9 +2829,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--tls_config)) @@ -3180,11 +3159,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--tls_config)) @@ -3269,9 +3245,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--oauth2--tls_config)) @@ -3568,11 +3544,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--tls_config)) @@ -3657,9 +3630,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--tls_config)) @@ -3932,11 +3905,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--tls_config)) @@ -4021,9 +3991,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--tls_config)) @@ -4293,11 +4263,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--tls_config)) @@ -4382,9 +4349,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--oauth2--tls_config)) @@ -4686,11 +4653,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--tls_config)) @@ -4775,9 +4739,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.md b/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.md index 654fdfad7..a47be4c0f 100644 --- a/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_alertmanager_config_v1beta1_manifest.md @@ -153,11 +153,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--tls_config)) @@ -238,9 +235,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--tls_config)) @@ -672,11 +669,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--tls_config)) @@ -757,9 +751,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--tls_config)) @@ -1056,11 +1050,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--tls_config)) @@ -1141,9 +1132,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--http_config--oauth2--tls_config)) @@ -1447,11 +1438,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--tls_config)) @@ -1532,9 +1520,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--pagerduty_configs--http_config--oauth2--tls_config)) @@ -1853,11 +1841,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--tls_config)) @@ -1938,9 +1923,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--pushover_configs--http_config--oauth2--tls_config)) @@ -2298,11 +2283,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--tls_config)) @@ -2383,9 +2365,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--http_config--oauth2--tls_config)) @@ -2660,11 +2642,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--tls_config)) @@ -2745,9 +2724,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--tls_config)) @@ -3071,11 +3050,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--tls_config)) @@ -3156,9 +3132,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--telegram_configs--http_config--oauth2--tls_config)) @@ -3451,11 +3427,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--tls_config)) @@ -3536,9 +3509,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--tls_config)) @@ -3811,11 +3784,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--tls_config)) @@ -3896,9 +3866,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--tls_config)) @@ -4168,11 +4138,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--tls_config)) @@ -4253,9 +4220,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--webhook_configs--http_config--oauth2--tls_config)) @@ -4549,11 +4516,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the AlertmanagerConfigobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--tls_config)) @@ -4634,9 +4598,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_alertmanager_v1_manifest.md b/docs/data-sources/monitoring_coreos_com_alertmanager_v1_manifest.md index ca2a94bff..dd5cb7476 100644 --- a/docs/data-sources/monitoring_coreos_com_alertmanager_v1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_alertmanager_v1_manifest.md @@ -568,11 +568,8 @@ Optional: - `basic_auth` (Attributes) BasicAuth for the client.This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. (see [below for nested schema](#nestedatt--spec--alertmanager_configuration--global--http_config--basic_auth)) - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token to be used by the clientfor authentication.The secret needs to be in the same namespace as the Alertmanagerobject and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--alertmanager_configuration--global--http_config--bearer_token_secret)) - `follow_redirects` (Boolean) FollowRedirects specifies whether the client should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--alertmanager_configuration--global--http_config--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. +- `proxy_url` (String) Optional proxy URL. - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--alertmanager_configuration--global--http_config--tls_config)) @@ -657,9 +654,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--alertmanager_configuration--global--http_config--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_pod_monitor_v1_manifest.md b/docs/data-sources/monitoring_coreos_com_pod_monitor_v1_manifest.md index f1b3afae3..6ced9e350 100644 --- a/docs/data-sources/monitoring_coreos_com_pod_monitor_v1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_pod_monitor_v1_manifest.md @@ -246,9 +246,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_probe_v1_manifest.md b/docs/data-sources/monitoring_coreos_com_probe_v1_manifest.md index b6e2ca7d3..e9f737564 100644 --- a/docs/data-sources/monitoring_coreos_com_probe_v1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_probe_v1_manifest.md @@ -170,9 +170,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.md b/docs/data-sources/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.md index 200de7be3..ee16247bd 100644 --- a/docs/data-sources/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_prometheus_agent_v1alpha1_manifest.md @@ -2167,10 +2167,10 @@ Optional: - `headers` (Map of String) Custom HTTP headers to be sent along with each remote write request.Be aware that headers that are set by Prometheus itself can't be overwritten.It requires Prometheus >= v2.25.0. - `metadata_config` (Attributes) MetadataConfig configures the sending of series metadata to the remote storage. (see [below for nested schema](#nestedatt--spec--remote_write--metadata_config)) - `name` (String) The name of the remote write queue, it must be unique if specified. Thename is used in metrics and logging in order to differentiate queues.It requires Prometheus >= v2.15.0. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) OAuth2 configuration for the URL.It requires Prometheus >= v2.27.0.Cannot be set at the same time as 'sigv4', 'authorization', 'basicAuth', or 'azureAd'. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `queue_config` (Attributes) QueueConfig allows tuning of the remote write queue parameters. (see [below for nested schema](#nestedatt--spec--remote_write--queue_config)) - `remote_timeout` (String) Timeout for requests to the remote write endpoint. @@ -2309,9 +2309,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_prometheus_v1_manifest.md b/docs/data-sources/monitoring_coreos_com_prometheus_v1_manifest.md index e813760be..1dde73f57 100644 --- a/docs/data-sources/monitoring_coreos_com_prometheus_v1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_prometheus_v1_manifest.md @@ -2495,10 +2495,10 @@ Optional: - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects.It requires Prometheus >= v2.26.0. - `headers` (Map of String) Custom HTTP headers to be sent along with each remote read request.Be aware that headers that are set by Prometheus itself can't be overwritten.Only valid in Prometheus versions 2.26.0 and newer. - `name` (String) The name of the remote read queue, it must be unique if specified. Thename is used in metrics and logging in order to differentiate readconfigurations.It requires Prometheus >= v2.15.0. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) OAuth2 configuration for the URL.It requires Prometheus >= v2.27.0.Cannot be set at the same time as 'authorization', or 'basicAuth'. (see [below for nested schema](#nestedatt--spec--remote_read--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `read_recent` (Boolean) Whether reads should be made for queries for time ranges thatthe local storage should have complete data for. - `remote_timeout` (String) Timeout for requests to the remote read endpoint. @@ -2575,9 +2575,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--remote_read--oauth2--tls_config)) @@ -2848,10 +2848,10 @@ Optional: - `headers` (Map of String) Custom HTTP headers to be sent along with each remote write request.Be aware that headers that are set by Prometheus itself can't be overwritten.It requires Prometheus >= v2.25.0. - `metadata_config` (Attributes) MetadataConfig configures the sending of series metadata to the remote storage. (see [below for nested schema](#nestedatt--spec--remote_write--metadata_config)) - `name` (String) The name of the remote write queue, it must be unique if specified. Thename is used in metrics and logging in order to differentiate queues.It requires Prometheus >= v2.15.0. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) OAuth2 configuration for the URL.It requires Prometheus >= v2.27.0.Cannot be set at the same time as 'sigv4', 'authorization', 'basicAuth', or 'azureAd'. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `queue_config` (Attributes) QueueConfig allows tuning of the remote write queue parameters. (see [below for nested schema](#nestedatt--spec--remote_write--queue_config)) - `remote_timeout` (String) Timeout for requests to the remote write endpoint. @@ -2990,9 +2990,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--tls_config)) diff --git a/docs/data-sources/monitoring_coreos_com_scrape_config_v1alpha1_manifest.md b/docs/data-sources/monitoring_coreos_com_scrape_config_v1alpha1_manifest.md index 2717b9261..aa7e74e04 100644 --- a/docs/data-sources/monitoring_coreos_com_scrape_config_v1alpha1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_scrape_config_v1alpha1_manifest.md @@ -82,14 +82,14 @@ Optional: - `linode_sd_configs` (Attributes List) LinodeSDConfigs defines a list of Linode service discovery configurations. (see [below for nested schema](#nestedatt--spec--linode_sd_configs)) - `metric_relabelings` (Attributes List) MetricRelabelConfigs to apply to samples before ingestion. (see [below for nested schema](#nestedatt--spec--metric_relabelings)) - `metrics_path` (String) MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics). -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `nomad_sd_configs` (Attributes List) NomadSDConfigs defines a list of Nomad service discovery configurations. (see [below for nested schema](#nestedatt--spec--nomad_sd_configs)) - `oauth2` (Attributes) OAuth2 configuration to use on every scrape request. (see [below for nested schema](#nestedatt--spec--oauth2)) - `openstack_sd_configs` (Attributes List) OpenStackSDConfigs defines a list of OpenStack service discovery configurations. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs)) - `ovhcloud_sd_configs` (Attributes List) OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations. (see [below for nested schema](#nestedatt--spec--ovhcloud_sd_configs)) - `params` (Map of List of String) Optional HTTP URL parameters -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `puppet_dbsd_configs` (Attributes List) PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations. (see [below for nested schema](#nestedatt--spec--puppet_dbsd_configs)) - `relabelings` (Attributes List) RelabelConfigs defines how to rewrite the target's labels before scraping.Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.The original scrape job's name is available via the '__tmp_prometheus_job_name' label.More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--relabelings)) @@ -210,12 +210,12 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2.If unset, Prometheus uses its default value. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects.If unset, Prometheus uses its default value. - `namespace` (String) Namespaces are only supported in Consul Enterprise. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `node_meta` (Map of String) Node metadata key/value pairs to filter nodes for a given service. - `oauth2` (Attributes) Optional OAuth 2.0 configuration. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2)) - `partition` (String) Admin Partitions are only supported in Consul Enterprise. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) The time after which the provided names are refreshed.On large setup it might be a good idea to increase this value because the catalog will change all the time.If unset, Prometheus uses its default value. - `scheme` (String) HTTP Scheme default 'http' @@ -294,9 +294,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2--tls_config)) @@ -566,11 +566,11 @@ Optional: - `authorization` (Attributes) Authorization header configuration to authenticate against the DigitalOcean API.Cannot be set at the same time as 'oauth2'. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--authorization)) - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization'. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2)) - `port` (Number) The port to scrape metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the instance list. - `tls_config` (Attributes) TLS configuration applying to the target HTTP endpoint. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config)) @@ -609,9 +609,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2--tls_config)) @@ -890,11 +890,11 @@ Optional: - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. - `host_networking_host` (String) The host to use if the container is in host networking mode. - `match_first_network` (Boolean) Configure whether to match the first network if the container has multiple networks defined.If unset, Prometheus uses true by default.It requires Prometheus >= v2.54.1. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization'. (see [below for nested schema](#nestedatt--spec--docker_sd_configs--oauth2)) - `port` (Number) The port to scrape metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Time after which the container is refreshed. - `tls_config` (Attributes) TLS configuration applying to the target HTTP endpoint. (see [below for nested schema](#nestedatt--spec--docker_sd_configs--tls_config)) @@ -977,9 +977,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--docker_sd_configs--oauth2--tls_config)) @@ -1243,11 +1243,11 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2. - `filters` (Attributes List) Optional filters to limit the discovery process to a subset of availableresources.The available filters are listed in the upstream documentation:Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceListTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskListNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList (see [below for nested schema](#nestedatt--spec--docker_swarm_sd_configs--filters)) - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization', or 'basicAuth'. (see [below for nested schema](#nestedatt--spec--docker_swarm_sd_configs--oauth2)) - `port` (Number) The port to scrape metrics from, when 'role' is nodes, and for discoveredtasks and services that don't have published ports. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) The time after which the service discovery data is refreshed. - `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--docker_swarm_sd_configs--tls_config)) @@ -1330,9 +1330,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--docker_swarm_sd_configs--oauth2--tls_config)) @@ -1590,10 +1590,10 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2.It requires Prometheus >= v2.41.0 - `filters` (Attributes List) Filters can be used optionally to filter the instance list by other criteria.Available filter criteria can be found here:https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.htmlFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.htmlIt requires Prometheus >= v2.3.0 (see [below for nested schema](#nestedatt--spec--ec2_sd_configs--filters)) - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects.It requires Prometheus >= v2.41.0 -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `port` (Number) The port to scrape metrics from. If using the public IP address, this mustinstead be specified in the relabeling rule. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. - `region` (String) The AWS region. @@ -1747,10 +1747,10 @@ Optional: - `basic_auth` (Attributes) BasicAuth information to use on every scrape request. (see [below for nested schema](#nestedatt--spec--eureka_sd_configs--basic_auth)) - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization' or 'basic_auth'. (see [below for nested schema](#nestedatt--spec--eureka_sd_configs--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the instance list. - `tls_config` (Attributes) TLS configuration applying to the target HTTP endpoint. (see [below for nested schema](#nestedatt--spec--eureka_sd_configs--tls_config)) @@ -1824,9 +1824,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--eureka_sd_configs--oauth2--tls_config)) @@ -2116,11 +2116,11 @@ Optional: - `basic_auth` (Attributes) BasicAuth information to use on every scrape request, required when role is robot.Role hcloud does not support basic auth. (see [below for nested schema](#nestedatt--spec--hetzner_sd_configs--basic_auth)) - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be used at the same time as 'basic_auth' or 'authorization'. (see [below for nested schema](#nestedatt--spec--hetzner_sd_configs--oauth2)) - `port` (Number) The port to scrape metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) The time after which the servers are refreshed. - `tls_config` (Attributes) TLS configuration to use on every scrape request. (see [below for nested schema](#nestedatt--spec--hetzner_sd_configs--tls_config)) @@ -2194,9 +2194,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--hetzner_sd_configs--oauth2--tls_config)) @@ -2458,10 +2458,10 @@ Optional: - `basic_auth` (Attributes) BasicAuth information to authenticate against the target HTTP endpoint.More info: https://prometheus.io/docs/operating/configuration/#endpointsCannot be set at the same time as 'authorization', or 'oAuth2'. (see [below for nested schema](#nestedatt--spec--http_sd_configs--basic_auth)) - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.Cannot be set at the same time as 'authorization', or 'basicAuth'. (see [below for nested schema](#nestedatt--spec--http_sd_configs--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) RefreshInterval configures the refresh interval at which Prometheus will re-query theendpoint to update the target list. - `tls_config` (Attributes) TLS configuration applying to the target HTTP endpoint. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config)) @@ -2535,9 +2535,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--http_sd_configs--oauth2--tls_config)) @@ -2798,10 +2798,10 @@ Optional: - `enable_http2` (Boolean) Configure whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether the HTTP requests should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `port` (Number) Port to scrape the metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the list of resources. - `tls_config` (Attributes) TLS configuration to use when connecting to the IONOS API. (see [below for nested schema](#nestedatt--spec--ionos_sd_configs--tls_config)) @@ -2942,10 +2942,10 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. - `namespaces` (Attributes) Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--namespaces)) -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization', or 'basicAuth'. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `selectors` (Attributes List) Selector to select objects.It requires Prometheus >= v2.17.0 (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--selectors)) - `tls_config` (Attributes) TLS configuration to connect to the Kubernetes API. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config)) @@ -3036,9 +3036,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2--tls_config)) @@ -3315,10 +3315,10 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2. - `fetch_timeout` (String) The time after which the monitoring assignments are refreshed. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization', or 'basicAuth'. (see [below for nested schema](#nestedatt--spec--kuma_sd_configs--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) The time to wait between polling update requests. - `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--kuma_sd_configs--tls_config)) @@ -3392,9 +3392,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--kuma_sd_configs--oauth2--tls_config)) @@ -3654,11 +3654,11 @@ Optional: - `enable_http2` (Boolean) Configure whether to enable HTTP2. - `endpoint` (String) Custom endpoint to be used. - `follow_redirects` (Boolean) Configure whether the HTTP requests should follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth2.0 configuration.Cannot be set at the same time as 'basicAuth', or 'authorization'. (see [below for nested schema](#nestedatt--spec--light_sail_sd_configs--oauth2)) - `port` (Number) Port to scrape the metrics from.If using the public IP address, this must instead be specified in the relabeling rule. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the list of instances. - `region` (String) The AWS region. @@ -3748,9 +3748,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--light_sail_sd_configs--oauth2--tls_config)) @@ -4020,11 +4020,11 @@ Optional: - `authorization` (Attributes) Authorization header configuration. (see [below for nested schema](#nestedatt--spec--linode_sd_configs--authorization)) - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be used at the same time as 'authorization'. (see [below for nested schema](#nestedatt--spec--linode_sd_configs--oauth2)) - `port` (Number) Default port to scrape metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Time after which the linode instances are refreshed. - `region` (String) Optional region to filter on. @@ -4065,9 +4065,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--linode_sd_configs--oauth2--tls_config)) @@ -4345,10 +4345,10 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. - `namespace` (String) -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth 2.0 configuration.Cannot be set at the same time as 'authorization' or 'basic_auth'. (see [below for nested schema](#nestedatt--spec--nomad_sd_configs--oauth2)) -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.Supported units: y, w, d, h, m, s, msExamples: '30s', '1m', '1h20m15s', '15d' - `region` (String) @@ -4424,9 +4424,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--nomad_sd_configs--oauth2--tls_config)) @@ -4687,9 +4687,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--oauth2--tls_config)) @@ -5048,11 +5048,11 @@ Optional: - `enable_http2` (Boolean) Configure whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether the HTTP requests should follow HTTP 3xx redirects. - `include_parameters` (Boolean) Whether to include the parameters as meta labels.Note: Enabling this exposes parameters in the Prometheus UI and API. Make surethat you don't have secrets exposed as parameters if you enable this. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `oauth2` (Attributes) Optional OAuth2.0 configuration.Cannot be set at the same time as 'basicAuth', or 'authorization'. (see [below for nested schema](#nestedatt--spec--puppet_dbsd_configs--oauth2)) - `port` (Number) Port to scrape the metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the list of resources. - `tls_config` (Attributes) TLS configuration to connect to the Puppet DB. (see [below for nested schema](#nestedatt--spec--puppet_dbsd_configs--tls_config)) @@ -5126,9 +5126,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--puppet_dbsd_configs--oauth2--tls_config)) @@ -5407,10 +5407,10 @@ Optional: - `enable_http2` (Boolean) Whether to enable HTTP2. - `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. - `name_filter` (String) NameFilter specify a name filter (works as a LIKE) to apply on the server listing request. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. - `port` (Number) The port to scrape metrics from. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `refresh_interval` (String) Refresh interval to re-read the list of instances. - `tags_filter` (List of String) TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request. diff --git a/docs/data-sources/monitoring_coreos_com_service_monitor_v1_manifest.md b/docs/data-sources/monitoring_coreos_com_service_monitor_v1_manifest.md index 4bc8a7d78..fd88236a5 100644 --- a/docs/data-sources/monitoring_coreos_com_service_monitor_v1_manifest.md +++ b/docs/data-sources/monitoring_coreos_com_service_monitor_v1_manifest.md @@ -209,9 +209,9 @@ Required: Optional: - `endpoint_params` (Map of String) 'endpointParams' configures the HTTP parameters to append to the tokenURL. -- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. -- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. +- `no_proxy` (String) 'noProxy' is a comma-separated string that can contain IPs, CIDR notation, domain namesthat should be excluded from proxying. IP and domain names cancontain port numbers.It requires Prometheus >= v2.43.0. +- `proxy_connect_header` (Map of String) ProxyConnectHeader optionally specifies headers to send toproxies during CONNECT requests.It requires Prometheus >= v2.43.0. +- `proxy_from_environment` (Boolean) Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).If unset, Prometheus uses its default value.It requires Prometheus >= v2.43.0. - `proxy_url` (String) 'proxyURL' defines the HTTP proxy server to use. - `scopes` (List of String) 'scopes' defines the OAuth2 scopes used for the token request. - `tls_config` (Attributes) TLS configuration to use when connecting to the OAuth2 server.It requires Prometheus >= v2.43.0. (see [below for nested schema](#nestedatt--spec--endpoints--oauth2--tls_config)) diff --git a/docs/data-sources/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.md b/docs/data-sources/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.md index 4173151bb..6a1b1a750 100644 --- a/docs/data-sources/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.md +++ b/docs/data-sources/multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest.md @@ -57,7 +57,7 @@ Optional: - `cluster_id` (String) ClusterID of the member cluster. - `gateway_infos` (Attributes List) GatewayInfos has information of Gateways (see [below for nested schema](#nestedatt--spec--gateway_infos)) -- `pod_cid_rs` (List of String) PodCIDRs is the Pod IP address CIDRs. +- `pod_cidrs` (List of String) PodCIDRs is the Pod IP address CIDRs. - `service_cidr` (String) ServiceCIDR is the IP ranges used by Service ClusterIP. - `wire_guard` (Attributes) WireGuardInfo includes information of a WireGuard tunnel. (see [below for nested schema](#nestedatt--spec--wire_guard)) diff --git a/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md b/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md index 2c5b00c51..a38cdec3a 100644 --- a/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md +++ b/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md @@ -74,7 +74,7 @@ Optional: - `cluster_id` (String) ClusterID of the member cluster. - `gateway_infos` (Attributes List) GatewayInfos has information of Gateways (see [below for nested schema](#nestedatt--spec--cluster_info--gateway_infos)) -- `pod_cid_rs` (List of String) PodCIDRs is the Pod IP address CIDRs. +- `pod_cidrs` (List of String) PodCIDRs is the Pod IP address CIDRs. - `service_cidr` (String) ServiceCIDR is the IP ranges used by Service ClusterIP. - `wire_guard` (Attributes) WireGuardInfo includes information of a WireGuard tunnel. (see [below for nested schema](#nestedatt--spec--cluster_info--wire_guard)) diff --git a/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md b/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md index 97e121d57..22490ef8c 100644 --- a/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md +++ b/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md @@ -74,7 +74,7 @@ Optional: - `cluster_id` (String) ClusterID of the member cluster. - `gateway_infos` (Attributes List) GatewayInfos has information of Gateways (see [below for nested schema](#nestedatt--spec--clusterinfo--gateway_infos)) -- `pod_cid_rs` (List of String) PodCIDRs is the Pod IP address CIDRs. +- `pod_cidrs` (List of String) PodCIDRs is the Pod IP address CIDRs. - `service_cidr` (String) ServiceCIDR is the IP ranges used by Service ClusterIP. - `wire_guard` (Attributes) WireGuardInfo includes information of a WireGuard tunnel. (see [below for nested schema](#nestedatt--spec--clusterinfo--wire_guard)) diff --git a/docs/data-sources/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.md b/docs/data-sources/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.md index 50cc0166c..0404226a2 100644 --- a/docs/data-sources/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.md +++ b/docs/data-sources/notification_toolkit_fluxcd_io_alert_v1beta1_manifest.md @@ -78,12 +78,12 @@ Optional: Required: -- `kind` (String) Kind of the referent - `name` (String) Name of the referent Optional: - `api_version` (String) API version of the referent +- `kind` (String) Kind of the referent - `match_labels` (Map of String) MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - `namespace` (String) Namespace of the referent diff --git a/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.md b/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.md index 747b0f0fd..7a661eb43 100644 --- a/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.md +++ b/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta1_manifest.md @@ -21,6 +21,9 @@ data "k8s_notification_toolkit_fluxcd_io_receiver_v1beta1_manifest" "example" { spec = { type = "generic" resources = [] + secret_ref = { + name = "some-secret" + } } } ``` @@ -60,12 +63,12 @@ Optional: Required: - `resources` (Attributes List) A list of resources to be notified about changes. (see [below for nested schema](#nestedatt--spec--resources)) -- `secret_ref` (Attributes) Secret reference containing the token usedto validate the payload authenticity (see [below for nested schema](#nestedatt--spec--secret_ref)) - `type` (String) Type of webhook sender, used to determinethe validation procedure and payload deserialization. Optional: - `events` (List of String) A list of events to handle,e.g. 'push' for GitHub or 'Push Hook' for GitLab. +- `secret_ref` (Attributes) Secret reference containing the token usedto validate the payload authenticity (see [below for nested schema](#nestedatt--spec--secret_ref)) - `suspend` (Boolean) This flag tells the controller to suspend subsequent events handling.Defaults to false. @@ -73,12 +76,12 @@ Optional: Required: -- `kind` (String) Kind of the referent - `name` (String) Name of the referent Optional: - `api_version` (String) API version of the referent +- `kind` (String) Kind of the referent - `match_labels` (Map of String) MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. - `namespace` (String) Namespace of the referent diff --git a/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.md b/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.md index 42c84f4a9..88ae1dd3b 100644 --- a/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.md +++ b/docs/data-sources/notification_toolkit_fluxcd_io_receiver_v1beta2_manifest.md @@ -21,6 +21,9 @@ data "k8s_notification_toolkit_fluxcd_io_receiver_v1beta2_manifest" "example" { spec = { type = "generic" resources = [] + secret_ref = { + name = "some-secret" + } } } ``` @@ -60,13 +63,13 @@ Optional: Required: - `resources` (Attributes List) A list of resources to be notified about changes. (see [below for nested schema](#nestedatt--spec--resources)) -- `secret_ref` (Attributes) SecretRef specifies the Secret containing the token usedto validate the payload authenticity. (see [below for nested schema](#nestedatt--spec--secret_ref)) - `type` (String) Type of webhook sender, used to determinethe validation procedure and payload deserialization. Optional: - `events` (List of String) Events specifies the list of event types to handle,e.g. 'push' for GitHub or 'Push Hook' for GitLab. - `interval` (String) Interval at which to reconcile the Receiver with its Secret references. +- `secret_ref` (Attributes) SecretRef specifies the Secret containing the token usedto validate the payload authenticity. (see [below for nested schema](#nestedatt--spec--secret_ref)) - `suspend` (Boolean) Suspend tells the controller to suspend subsequentevents handling for this receiver. diff --git a/docs/data-sources/operator_tigera_io_application_layer_v1_manifest.md b/docs/data-sources/operator_tigera_io_application_layer_v1_manifest.md index 5ecd6c11e..9062e15fa 100644 --- a/docs/data-sources/operator_tigera_io_application_layer_v1_manifest.md +++ b/docs/data-sources/operator_tigera_io_application_layer_v1_manifest.md @@ -58,7 +58,6 @@ Optional: - `envoy` (Attributes) User-configurable settings for the Envoy proxy. (see [below for nested schema](#nestedatt--spec--envoy)) - `l7_log_collector_daemon_set` (Attributes) L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. (see [below for nested schema](#nestedatt--spec--l7_log_collector_daemon_set)) - `log_collection` (Attributes) Specification for application layer (L7) log collection. (see [below for nested schema](#nestedatt--spec--log_collection)) -- `sidecar_injection` (String) SidecarInjection controls whether or not sidecar injection is enabled for the cluster.When enabled, pods with the label'applicationlayer.projectcalico.org/sidecar'='true' will have their L7 functionalitysuch as WAF and ALP implemented using an injected sidecar instead of a per-host proxy.The per-host proxy will continue to be used for pods without this label. - `web_application_firewall` (String) WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. diff --git a/docs/data-sources/operator_tigera_io_installation_v1_manifest.md b/docs/data-sources/operator_tigera_io_installation_v1_manifest.md index 79a59e37f..5f0300337 100644 --- a/docs/data-sources/operator_tigera_io_installation_v1_manifest.md +++ b/docs/data-sources/operator_tigera_io_installation_v1_manifest.md @@ -78,7 +78,7 @@ Optional: - `node_update_strategy` (Attributes) NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailablefield. (see [below for nested schema](#nestedatt--spec--node_update_strategy)) - `non_privileged` (String) NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. - `registry` (String) Registry is the default Docker registry used for component Docker images.If specified then the given value must end with a slash character ('/') and all images will be pulled from this registry.If not specified then the default registries will be used. A special case value, UseDefault, issupported to explicitly specify the default registries will be used.Image format: '/:'This option allows configuring the '' portion of the above format. -- `service_cid_rs` (List of String) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. +- `service_cidrs` (List of String) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. - `typha_affinity` (Attributes) Deprecated. Please use Installation.Spec.TyphaDeployment instead.TyphaAffinity allows configuration of node affinity characteristics for Typha pods. (see [below for nested schema](#nestedatt--spec--typha_affinity)) - `typha_deployment` (Attributes) TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecatedComponentResources or TyphaAffinity, then these overrides take precedence. (see [below for nested schema](#nestedatt--spec--typha_deployment)) - `typha_metrics_port` (Number) TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. diff --git a/docs/data-sources/operator_tigera_io_intrusion_detection_v1_manifest.md b/docs/data-sources/operator_tigera_io_intrusion_detection_v1_manifest.md index f88d38eda..c04ebff10 100644 --- a/docs/data-sources/operator_tigera_io_intrusion_detection_v1_manifest.md +++ b/docs/data-sources/operator_tigera_io_intrusion_detection_v1_manifest.md @@ -56,7 +56,6 @@ Optional: - `anomaly_detection` (Attributes) AnomalyDetection is now deprecated, and configuring it has no effect. (see [below for nested schema](#nestedatt--spec--anomaly_detection)) - `component_resources` (Attributes List) ComponentResources can be used to customize the resource requirements for each component.Only DeepPacketInspection is supported for this spec. (see [below for nested schema](#nestedatt--spec--component_resources)) -- `deep_packet_inspection_daemonset` (Attributes) DeepPacketInspectionDaemonset configures the DPI Daemonset (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset)) - `intrusion_detection_controller_deployment` (Attributes) IntrusionDetectionControllerDeployment configures the IntrusionDetection Controller Deployment. (see [below for nested schema](#nestedatt--spec--intrusion_detection_controller_deployment)) @@ -94,69 +93,6 @@ Required: - -### Nested Schema for `spec.deep_packet_inspection_daemonset` - -Optional: - -- `spec` (Attributes) DPIDaemonsetSpec configures the DPI Daemonset (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec)) - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec` - -Optional: - -- `template` (Attributes) Template specifies DPI Daemonset Template (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec--template)) - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec.template` - -Optional: - -- `spec` (Attributes) Spec specifies DPI Daemonset Template Spec (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec--template--spec)) - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec.template.spec` - -Optional: - -- `init_containers` (Attributes List) List of DPI Daemonset Init containers definitions (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec--template--spec--init_containers)) - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec.template.spec.init_containers` - -Required: - -- `image` (String) Image name for the init container -- `name` (String) Name is an enum that identifies the init container by its name. - -Optional: - -- `resources` (Attributes) Resources allows customization of limits and requests for compute resources such as cpu and memory.If specified, this overrides the init container's resources.If omitted, the default values will be used for the init container's resources. (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec--template--spec--init_containers--resources)) - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec.template.spec.init_containers.resources` - -Optional: - -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--deep_packet_inspection_daemonset--spec--template--spec--init_containers--resources--claims)) -- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - - -### Nested Schema for `spec.deep_packet_inspection_daemonset.spec.template.spec.init_containers.resources.claims` - -Required: - -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. - - - - - - - - ### Nested Schema for `spec.intrusion_detection_controller_deployment` diff --git a/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md b/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md index a04b16201..0a8688259 100644 --- a/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md +++ b/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md @@ -760,7 +760,6 @@ Optional: Optional: -- `allowed_source` (Attributes) AllowedSource defines the allowed sources on which workspaces can be started. (see [below for nested schema](#nestedatt--spec--dev_environments--allowed_source)) - `container_build_configuration` (Attributes) Container build configuration. (see [below for nested schema](#nestedatt--spec--dev_environments--container_build_configuration)) - `default_components` (Attributes List) Default components applied to DevWorkspaces.These default components are meant to be used when a Devfile, that does not contain any components. (see [below for nested schema](#nestedatt--spec--dev_environments--default_components)) - `default_editor` (String) The default editor to workspace create with. It could be a plugin ID or a URI.The plugin ID must have 'publisher/name/version' format.The URI must start from 'http://' or 'https://'. @@ -790,14 +789,6 @@ Optional: - `user` (Attributes) User configuration. (see [below for nested schema](#nestedatt--spec--dev_environments--user)) - `workspaces_pod_annotations` (Map of String) WorkspacesPodAnnotations defines additional annotations for workspace pods. - -### Nested Schema for `spec.dev_environments.allowed_source` - -Optional: - -- `urls` (List of String) The list of approved URLs for starting Cloud Development Environments (CDEs). CDEs can only beinitiated from these URLs. - - ### Nested Schema for `spec.dev_environments.container_build_configuration` diff --git a/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md b/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md index c82bd22c9..e322ef60c 100644 --- a/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md +++ b/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md @@ -5634,7 +5634,6 @@ Required: - `enabled` (Boolean) - `image` (String) -- `query_source` (String) - `secret` (String) - `server_host` (String) @@ -7195,7 +7194,6 @@ Optional: Optional: - `custom_replication_tls_secret` (Attributes) The secret containing the replication client certificates and keys forsecure connections to the PostgreSQL server. It will need to contain theclient TLS certificate, TLS key and the Certificate Authority certificatewith the data keys set to tls.crt, tls.key and ca.crt, respectively.NOTE: If CustomReplicationClientTLSSecret is provided, CustomTLSSecretMUST be provided and the ca.crt provided must be the same. (see [below for nested schema](#nestedatt--spec--secrets--custom_replication_tls_secret)) -- `custom_root_catls_secret` (Attributes) The secret containing the root CA certificate and key forsecure connections to the PostgreSQL server. It will need to contain theCA TLS certificate and CA TLS key with the data keys set toroot.crt and root.key, respectively. (see [below for nested schema](#nestedatt--spec--secrets--custom_root_catls_secret)) - `custom_tls_secret` (Attributes) The secret containing the Certificates and Keys to encrypt PostgreSQLtraffic will need to contain the server TLS certificate, TLS key and theCertificate Authority certificate with the data keys set to tls.crt,tls.key and ca.crt, respectively. It will then be mounted as a volumeprojection to the '/pgconf/tls' directory. For more information onKubernetes secret projections, please seehttps://k8s.io/docs/concepts/configuration/secret/#projection-of-secret-keys-to-specific-pathsNOTE: If CustomTLSSecret is provided, CustomReplicationClientTLSSecretMUST be provided and the ca.crt provided must be the same. (see [below for nested schema](#nestedatt--spec--secrets--custom_tls_secret)) @@ -7221,29 +7219,6 @@ Optional: - -### Nested Schema for `spec.secrets.custom_root_catls_secret` - -Optional: - -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referencedSecret will be projected into the volume as a file whose name is thekey and content is the value. If specified, the listed keys will beprojected into the specified paths, and unlisted keys will not bepresent. If a key is specified which is not present in the Secret,the volume setup will error unless it is marked optional. Paths must berelative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--secrets--custom_root_catls_secret--items)) -- `name` (String) Name of the referent.This field is effectively required, but due to backwards compatibility isallowed to be empty. Instances of this type with an empty value here arealmost certainly wrong.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -- `optional` (Boolean) optional field specify whether the Secret or its key must be defined - - -### Nested Schema for `spec.secrets.custom_root_catls_secret.items` - -Required: - -- `key` (String) key is the key to project. -- `path` (String) path is the relative path of the file to map the key to.May not be an absolute path.May not contain the path element '..'.May not start with the string '..'. - -Optional: - -- `mode` (Number) mode is Optional: mode bits used to set permissions on this file.Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - - - ### Nested Schema for `spec.secrets.custom_tls_secret` diff --git a/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md b/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md index dcbd8e6cd..454f56ab3 100644 --- a/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md +++ b/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md @@ -1702,7 +1702,6 @@ Required: Optional: -- `enabled` (Boolean) Enabled is true if this plugin will be used - `parameters` (Map of String) Parameters is the configuration of the plugin diff --git a/docs/data-sources/resources_teleport_dev_teleport_provision_token_v2_manifest.md b/docs/data-sources/resources_teleport_dev_teleport_provision_token_v2_manifest.md index fb84b05a7..5b7a4b492 100644 --- a/docs/data-sources/resources_teleport_dev_teleport_provision_token_v2_manifest.md +++ b/docs/data-sources/resources_teleport_dev_teleport_provision_token_v2_manifest.md @@ -246,7 +246,6 @@ Optional: - `allow` (Attributes List) Allow is a list of Rules, nodes using this token must match one allow rule to use this token. (see [below for nested schema](#nestedatt--spec--terraform_cloud--allow)) - `audience` (String) Audience is the JWT audience as configured in the TFC_WORKLOAD_IDENTITY_AUDIENCE(_$TAG) variable in Terraform Cloud. If unset, defaults to the Teleport cluster name. For example, if 'TFC_WORKLOAD_IDENTITY_AUDIENCE_TELEPORT=foo' is set in Terraform Cloud, this value should be 'foo'. If the variable is set to match the cluster name, it does not need to be set here. -- `hostname` (String) Hostname is the hostname of the Terraform Enterprise instance expected to issue JWTs allowed by this token. This may be unset for regular Terraform Cloud use, in which case it will be assumed to be 'app.terraform.io'. Otherwise, it must both match the 'iss' (issuer) field included in JWTs, and provide standard JWKS endpoints. ### Nested Schema for `spec.terraform_cloud.allow` diff --git a/docs/data-sources/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.md b/docs/data-sources/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.md index 16a792485..e795d5dbf 100644 --- a/docs/data-sources/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.md +++ b/docs/data-sources/sonataflow_org_sonata_flow_platform_v1alpha08_manifest.md @@ -406,9 +406,12 @@ Optional: ### Nested Schema for `spec.services.data_index.persistence` -Optional: +Required: - `migrate_db_on_start_up` (Boolean) Whether to migrate database on service startup? + +Optional: + - `postgresql` (Attributes) Connect configured services to a postgresql database. (see [below for nested schema](#nestedatt--spec--services--data_index--persistence--postgresql)) @@ -3638,9 +3641,12 @@ Optional: ### Nested Schema for `spec.services.job_service.persistence` -Optional: +Required: - `migrate_db_on_start_up` (Boolean) Whether to migrate database on service startup? + +Optional: + - `postgresql` (Attributes) Connect configured services to a postgresql database. (see [below for nested schema](#nestedatt--spec--services--job_service--persistence--postgresql)) diff --git a/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md b/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md index d4c1fec41..3294dca9b 100644 --- a/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md +++ b/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md @@ -240,9 +240,12 @@ Optional: ### Nested Schema for `spec.persistence` -Optional: +Required: - `migrate_db_on_start_up` (Boolean) Whether to migrate database on service startup? + +Optional: + - `postgresql` (Attributes) Connect configured services to a postgresql database. (see [below for nested schema](#nestedatt--spec--persistence--postgresql)) diff --git a/docs/data-sources/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.md b/docs/data-sources/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.md index 359b4d5e4..90f7ce0d7 100644 --- a/docs/data-sources/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.md +++ b/docs/data-sources/sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest.md @@ -145,7 +145,6 @@ Optional: - `pod_name` (String) PodName is the name of the driver pod that the user creates. This is used for thein-cluster client mode in which the user creates a client pod where the driver ofthe user application runs. It's an error to set this field if Mode is notin-cluster-client. - `pod_security_context` (Attributes) PodSecurityContext specifies the PodSecurityContext to apply. (see [below for nested schema](#nestedatt--spec--template--driver--pod_security_context)) - `ports` (Attributes List) Ports settings for the pods, following the Kubernetes specifications. (see [below for nested schema](#nestedatt--spec--template--driver--ports)) -- `priority_class_name` (String) PriorityClassName is the name of the PriorityClass for the driver pod. - `scheduler_name` (String) SchedulerName specifies the scheduler that will be used for scheduling - `secrets` (Attributes List) Secrets carries information of secrets to add to the pod. (see [below for nested schema](#nestedatt--spec--template--driver--secrets)) - `security_context` (Attributes) SecurityContext specifies the container's SecurityContext to apply. (see [below for nested schema](#nestedatt--spec--template--driver--security_context)) @@ -2272,7 +2271,6 @@ Optional: - `node_selector` (Map of String) NodeSelector is the Kubernetes node selector to be added to the driver and executor pods.This field is mutually exclusive with nodeSelector at SparkApplication level (which will be deprecated). - `pod_security_context` (Attributes) PodSecurityContext specifies the PodSecurityContext to apply. (see [below for nested schema](#nestedatt--spec--template--executor--pod_security_context)) - `ports` (Attributes List) Ports settings for the pods, following the Kubernetes specifications. (see [below for nested schema](#nestedatt--spec--template--executor--ports)) -- `priority_class_name` (String) PriorityClassName is the name of the PriorityClass for the executor pod. - `scheduler_name` (String) SchedulerName specifies the scheduler that will be used for scheduling - `secrets` (Attributes List) Secrets carries information of secrets to add to the pod. (see [below for nested schema](#nestedatt--spec--template--executor--secrets)) - `security_context` (Attributes) SecurityContext specifies the container's SecurityContext to apply. (see [below for nested schema](#nestedatt--spec--template--executor--security_context)) diff --git a/docs/data-sources/sparkoperator_k8s_io_spark_application_v1beta2_manifest.md b/docs/data-sources/sparkoperator_k8s_io_spark_application_v1beta2_manifest.md index ffd23b03b..7f26ad32d 100644 --- a/docs/data-sources/sparkoperator_k8s_io_spark_application_v1beta2_manifest.md +++ b/docs/data-sources/sparkoperator_k8s_io_spark_application_v1beta2_manifest.md @@ -127,7 +127,6 @@ Optional: - `pod_name` (String) PodName is the name of the driver pod that the user creates. This is used for thein-cluster client mode in which the user creates a client pod where the driver ofthe user application runs. It's an error to set this field if Mode is notin-cluster-client. - `pod_security_context` (Attributes) PodSecurityContext specifies the PodSecurityContext to apply. (see [below for nested schema](#nestedatt--spec--driver--pod_security_context)) - `ports` (Attributes List) Ports settings for the pods, following the Kubernetes specifications. (see [below for nested schema](#nestedatt--spec--driver--ports)) -- `priority_class_name` (String) PriorityClassName is the name of the PriorityClass for the driver pod. - `scheduler_name` (String) SchedulerName specifies the scheduler that will be used for scheduling - `secrets` (Attributes List) Secrets carries information of secrets to add to the pod. (see [below for nested schema](#nestedatt--spec--driver--secrets)) - `security_context` (Attributes) SecurityContext specifies the container's SecurityContext to apply. (see [below for nested schema](#nestedatt--spec--driver--security_context)) @@ -2254,7 +2253,6 @@ Optional: - `node_selector` (Map of String) NodeSelector is the Kubernetes node selector to be added to the driver and executor pods.This field is mutually exclusive with nodeSelector at SparkApplication level (which will be deprecated). - `pod_security_context` (Attributes) PodSecurityContext specifies the PodSecurityContext to apply. (see [below for nested schema](#nestedatt--spec--executor--pod_security_context)) - `ports` (Attributes List) Ports settings for the pods, following the Kubernetes specifications. (see [below for nested schema](#nestedatt--spec--executor--ports)) -- `priority_class_name` (String) PriorityClassName is the name of the PriorityClass for the executor pod. - `scheduler_name` (String) SchedulerName specifies the scheduler that will be used for scheduling - `secrets` (Attributes List) Secrets carries information of secrets to add to the pod. (see [below for nested schema](#nestedatt--spec--executor--secrets)) - `security_context` (Attributes) SecurityContext specifies the container's SecurityContext to apply. (see [below for nested schema](#nestedatt--spec--executor--security_context)) diff --git a/docs/data-sources/submariner_io_broker_v1alpha1_manifest.md b/docs/data-sources/submariner_io_broker_v1alpha1_manifest.md index 51c2c4d16..32d206541 100644 --- a/docs/data-sources/submariner_io_broker_v1alpha1_manifest.md +++ b/docs/data-sources/submariner_io_broker_v1alpha1_manifest.md @@ -55,8 +55,6 @@ Optional: Optional: -- `clusterset_ip_enabled` (Boolean) Enable ClustersetIP default for connecting clusters. -- `clusterset_ipcidr_range` (String) ClustersetIP supernet range for allocating ClustersetIPCIDRs to each cluster. - `components` (List of String) List of the components to be installed - any of [service-discovery, connectivity]. - `default_custom_domains` (List of String) List of domains to use for multi-cluster service discovery. - `default_globalnet_cluster_size` (Number) Default cluster size for GlobalCIDR allocated to each cluster (amount of global IPs). diff --git a/docs/data-sources/submariner_io_service_discovery_v1alpha1_manifest.md b/docs/data-sources/submariner_io_service_discovery_v1alpha1_manifest.md index 3e8cab55e..2c22e2023 100644 --- a/docs/data-sources/submariner_io_service_discovery_v1alpha1_manifest.md +++ b/docs/data-sources/submariner_io_service_discovery_v1alpha1_manifest.md @@ -67,8 +67,6 @@ Optional: - `broker_k8s_ca` (String) - `broker_k8s_insecure` (Boolean) - `broker_k8s_secret` (String) -- `clusterset_ip_enabled` (Boolean) -- `clusterset_ipcidr` (String) - `core_dns_custom_config` (Attributes) (see [below for nested schema](#nestedatt--spec--core_dns_custom_config)) - `custom_domains` (List of String) - `globalnet_enabled` (Boolean) diff --git a/docs/data-sources/submariner_io_submariner_v1alpha1_manifest.md b/docs/data-sources/submariner_io_submariner_v1alpha1_manifest.md index df405ac6c..4eceb4831 100644 --- a/docs/data-sources/submariner_io_submariner_v1alpha1_manifest.md +++ b/docs/data-sources/submariner_io_submariner_v1alpha1_manifest.md @@ -80,8 +80,6 @@ Optional: - `ce_ip_sec_preferred_server` (Boolean) Enable this cluster as a preferred server for data-plane connections. - `ce_ip_sec_psk` (String) The IPsec Pre-Shared Key which must be identical in all route agents across the cluster. - `ce_ip_sec_psk_secret` (String) -- `clusterset_ip_enabled` (Boolean) Enable ClustersetIP default for services exported on this cluster. -- `clusterset_ipcidr` (String) ClustersetIP CIDR for allocating ClustersetIPs to exported services. - `color_codes` (String) - `connection_health_check` (Attributes) The gateway connection health check. (see [below for nested schema](#nestedatt--spec--connection_health_check)) - `core_dns_custom_config` (Attributes) Name of the custom CoreDNS configmap to configure forwarding to Lighthouse. It should be in / format where is optional and defaults to kube-system. (see [below for nested schema](#nestedatt--spec--core_dns_custom_config)) diff --git a/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md b/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md index 77f8e0bc6..049355821 100644 --- a/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md +++ b/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md @@ -590,7 +590,6 @@ Optional: - `copy_method` (String) copyMethod describes how a point-in-time (PiT) image of the destinationvolume should be created. - `custom_ca` (Attributes) customCA is a custom CA that will be used to verify the remote (see [below for nested schema](#nestedatt--spec--restic--custom_ca)) - `destination_pvc` (String) destinationPVC is a PVC to use as the transfer destination instead ofautomatically provisioning one. Either this field or both capacity andaccessModes must be specified. -- `enable_file_deletion` (Boolean) enableFileDeletion will pass the --delete flag to the restic restore command.This will remove files and directories in the pvc that do not exist in the snapshot being restored.Defaults to false. - `mover_affinity` (Attributes) MoverAffinity allows specifying the PodAffinity that will be used by the data mover (see [below for nested schema](#nestedatt--spec--restic--mover_affinity)) - `mover_pod_labels` (Map of String) Labels that should be added to data mover podsThese will be in addition to any labels that VolSync may add - `mover_resources` (Attributes) Resources represents compute resources required by the data mover container.Immutable.More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/This should only be used by advanced users as this can result in a moverpod being unschedulable or crashing due to limited resources. (see [below for nested schema](#nestedatt--spec--restic--mover_resources)) diff --git a/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md b/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md index 74bdaeb04..e90202f56 100644 --- a/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md +++ b/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md @@ -30,7 +30,7 @@ data "k8s_vpcresources_k8s_aws_cni_node_v1alpha1_manifest" "example" { ### Optional -- `spec` (Attributes) Important: Run 'make' to regenerate code after modifying this fileCNINodeSpec defines the desired state of CNINode (see [below for nested schema](#nestedatt--spec)) +- `spec` (Attributes) Important: Run 'make' to regenerate code after modifying this file CNINodeSpec defines the desired state of CNINode (see [below for nested schema](#nestedatt--spec)) ### Read-Only diff --git a/docs/data-sources/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.md b/docs/data-sources/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.md index 63f9fbc50..90c38fb98 100644 --- a/docs/data-sources/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.md +++ b/docs/data-sources/vpcresources_k8s_aws_security_group_policy_v1beta1_manifest.md @@ -65,9 +65,9 @@ Optional: Optional: -- `pod_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects. (see [below for nested schema](#nestedatt--spec--pod_selector)) +- `pod_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--pod_selector)) - `security_groups` (Attributes) GroupIds contains the list of security groups that will be applied to the network interface of the pod matching the criteria. (see [below for nested schema](#nestedatt--spec--security_groups)) -- `service_account_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects. (see [below for nested schema](#nestedatt--spec--service_account_selector)) +- `service_account_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--service_account_selector)) ### Nested Schema for `spec.pod_selector` @@ -75,7 +75,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.pod_selector.match_expressions` @@ -83,11 +83,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. @@ -105,7 +105,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--service_account_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.service_account_selector.match_expressions` @@ -113,8 +113,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.